├── regress ├── err ├── hello ├── serve-bigfile ├── slow ├── valid.ext ├── example.mime.types ├── fuzz │ ├── README.md │ ├── iri.c │ ├── proxy.c │ └── Makefile ├── fill-file.c ├── max-length-reply ├── env ├── invalid ├── regress ├── puny-test.c ├── Makefile └── lib.sh ├── site ├── footer.html ├── vim-screenshot.png ├── README.md ├── header.html ├── mdoc2html.sh ├── menu.pl ├── subst ├── style.css ├── index.gmi ├── Makefile ├── faq.gmi ├── gem2html ├── contrib.gmi └── quickstart.gmi ├── contrib ├── gmid.sysusers ├── Docker.gmid.conf ├── vim │ ├── ftplugin │ │ └── gmid.vim │ ├── ftdetect │ │ └── gmid.vim │ ├── indent │ │ └── gmid.vim │ ├── syntax_checkers │ │ └── gmid │ │ │ └── gmid.vim │ └── ale_linters │ │ └── gmid │ │ └── gmid.vim ├── Makefile ├── gmid.service ├── Dockerfile ├── README ├── gencert ├── mime.types └── renew-certs ├── have ├── reallocarray.c ├── setresgid.c ├── setresuid.c ├── __progname.c ├── explicit_bzero.c ├── recallocarray.c ├── noop.c ├── freezero.c ├── libtls.c ├── wait_any.c ├── arc4random.c ├── getdtablesize.c ├── getprogname.c ├── getdtablecount.c ├── libevent.c ├── pr_set_name.c ├── X509_LOOKUP_mem.c ├── arc4random_buf.c ├── endian_h.c ├── ASN1_time_tm_cmp.c ├── ASN1_time_parse.c ├── SSL_CTX_load_verify_mem.c ├── err.c ├── getentropy.c ├── sys_endian_h.c ├── strnvis.c ├── timingsafe_memcmp.c ├── SSL_CTX_use_certificate_chain_mem.c ├── strlcpy.c ├── openssl.c ├── strlcat.c ├── strtonum.c ├── machine_endian.c ├── program_invocation_short_name.c ├── ASN1_time_tm_clamp_notafter.c ├── memmem.c ├── setproctitle.c ├── queue_h.c ├── Makefile ├── imsg.c ├── tree_h.c ├── vasprintf.c ├── landlock.c └── libevent2.c ├── keys ├── gmid-1.7.pub ├── gmid-1.8.pub ├── gmid-2.0.pub ├── gmid-2.1.pub └── Makefile ├── .dockerignore ├── compat ├── explicit_bzero.c ├── libtls │ ├── Makefile │ ├── asn.c │ ├── tls_peer.c │ ├── tls_bio_cb.c │ └── tls_keypair.c ├── Makefile ├── getdtablesize.c ├── getdtablecount.c ├── freezero.c ├── setresgid.c ├── getprogname.c ├── reallocarray.c ├── setproctitle.c ├── vasprintf.c ├── strlcpy.c ├── timingsafe_memcmp.c ├── setresuid.c ├── strlcat.c ├── strtonum.c ├── err.c ├── arc4random.h ├── recallocarray.c ├── getentropy.c └── vis │ └── vis.h ├── .gitignore ├── LICENSE ├── .github └── workflows │ └── alpine-release.yml ├── iri.h ├── .cirrus.yml ├── log.h ├── gemexp.1 ├── titan.1 ├── gg.1 ├── utf8.c ├── logger.c ├── gmid.8 ├── mime.c ├── README.md ├── proc.h ├── log.c ├── dirs.c └── proxy-proto.c /regress/err: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | exit 1 4 | -------------------------------------------------------------------------------- /site/footer.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /contrib/gmid.sysusers: -------------------------------------------------------------------------------- 1 | u gmid - "gmid Gemini server" - - 2 | -------------------------------------------------------------------------------- /regress/hello: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | printf "20 text/gemini\r\n" 4 | echo "# hello world" 5 | -------------------------------------------------------------------------------- /site/vim-screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/omar-polo/gmid/HEAD/site/vim-screenshot.png -------------------------------------------------------------------------------- /regress/serve-bigfile: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | printf "20 application/octet-stream\r\n" 4 | 5 | exec cat bigfile 6 | -------------------------------------------------------------------------------- /regress/slow: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | printf "20 " 4 | sleep 1 5 | printf "text/gemini\r\n" 6 | echo "# hello world" 7 | -------------------------------------------------------------------------------- /have/reallocarray.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int 4 | main(void) 5 | { 6 | return !reallocarray(NULL, 2, 2); 7 | } 8 | -------------------------------------------------------------------------------- /keys/gmid-1.7.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: signify public key 2 | RWSK+qgSqgu20CEZZQTAExCxaGaOwGO7AWqru6BKLqQhQDy8Iz1tjXNE 3 | -------------------------------------------------------------------------------- /keys/gmid-1.8.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: signify public key 2 | RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC 3 | -------------------------------------------------------------------------------- /keys/gmid-2.0.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: signify public key 2 | RWQ+Bm0F0FtPLtTnpRe09x/Z6Fiodk4toTZe2TJ4yCqDZ6l0c5wiU9te 3 | -------------------------------------------------------------------------------- /keys/gmid-2.1.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: signify public key 2 | RWSMZUrn4u03g0AwurM9kGiIfhetO5OISPlMMb4+th+Bw8ViotgbzKss 3 | -------------------------------------------------------------------------------- /have/setresgid.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int 5 | main(void) 6 | { 7 | return setresgid(-1, -1, -1) == -1; 8 | } 9 | -------------------------------------------------------------------------------- /have/setresuid.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int 5 | main(void) 6 | { 7 | return setresuid(-1, -1, -1) == -1; 8 | } 9 | -------------------------------------------------------------------------------- /regress/valid.ext: -------------------------------------------------------------------------------- 1 | authorityKeyIdentifier=keyid,issuer 2 | basicConstraints=CA:FALSE 3 | keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment 4 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | ** 2 | !*.c 3 | !*.h 4 | !*.y 5 | !*.[1-9] 6 | !compat 7 | !have/*.c 8 | !Makefile 9 | !configure 10 | !contrib/Docker.gmid.conf 11 | !contrib/gencert 12 | -------------------------------------------------------------------------------- /have/__progname.c: -------------------------------------------------------------------------------- 1 | /* public domain */ 2 | 3 | #include 4 | 5 | extern const char *__progname; 6 | 7 | int 8 | main(void) 9 | { 10 | puts(__progname); 11 | } 12 | -------------------------------------------------------------------------------- /have/explicit_bzero.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int 4 | main(void) 5 | { 6 | char buf[] = "hello world"; 7 | 8 | explicit_bzero(buf, sizeof(buf)); 9 | return strcmp(buf, ""); 10 | } 11 | -------------------------------------------------------------------------------- /have/recallocarray.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int 4 | main(void) 5 | { 6 | void *p; 7 | 8 | if ((p = calloc(2, 2)) == NULL) 9 | return 1; 10 | return !recallocarray(p, 2, 3, 2); 11 | } 12 | -------------------------------------------------------------------------------- /site/README.md: -------------------------------------------------------------------------------- 1 | # gmid website/capsule 2 | 3 | These are the sources for the gmid website and Gemini capsule. 4 | 5 | Unlike gmid itself, to build the site you'll need OpenBSD' make (on 6 | linux `bmake` *may* work.) 7 | -------------------------------------------------------------------------------- /contrib/Docker.gmid.conf: -------------------------------------------------------------------------------- 1 | user gmid 2 | chroot "/var/gemini" 3 | 4 | server "localhost" { 5 | listen on * port 1965 6 | cert "/etc/ssl/localhost.pem" 7 | key "/etc/ssl/private/localhost.key" 8 | root "/" 9 | } 10 | -------------------------------------------------------------------------------- /compat/explicit_bzero.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain. 3 | * Written by Matthew Dempsky. 4 | */ 5 | 6 | #include "../config.h" 7 | 8 | #include 9 | 10 | void 11 | explicit_bzero(void *buf, size_t len) 12 | { 13 | memset(buf, 0, len); 14 | } 15 | -------------------------------------------------------------------------------- /contrib/vim/ftplugin/gmid.vim: -------------------------------------------------------------------------------- 1 | if exists("b:did_ftplugin") 2 | finish 3 | endif 4 | let b:did_ftplugin = 1 5 | let b:undo_ftplugin = "setl cms< sua<" 6 | 7 | setlocal suffixesadd+=.conf,.gmid 8 | 9 | " vim-commentary support 10 | setlocal commentstring=#\ %s 11 | -------------------------------------------------------------------------------- /keys/Makefile: -------------------------------------------------------------------------------- 1 | DISTFILES = Makefile gmid-1.7.pub gmid-1.8.pub gmid-2.0.pub gmid-2.1.pub 2 | 3 | all: false 4 | 5 | dist: ${DISTFILES} 6 | mkdir -p ${DESTDIR} 7 | ${INSTALL} -m 0644 ${DISTFILES} ${DESTDIR}/ 8 | 9 | .PHONY: all dist 10 | include ../config.mk 11 | -------------------------------------------------------------------------------- /regress/example.mime.types: -------------------------------------------------------------------------------- 1 | # example mime.types file FOR REGRESS TESTS ONLY! 2 | 3 | application/vnd.apple.mpegurl m3u8 4 | application/x-perl pl pm 5 | 6 | # some empty lines because I can 7 | 8 | text/x-mandoc 1 2 3 4 5 6 7 8 9 9 | text/x-mandoc 3bsd 10 | -------------------------------------------------------------------------------- /contrib/vim/ftdetect/gmid.vim: -------------------------------------------------------------------------------- 1 | " Vim filetype detection file 2 | " Language: gmid(1) configuration files 3 | " Licence: ISC 4 | 5 | au BufNewFile,BufRead *.gmid set filetype=gmid 6 | au BufNewFile,BufRead */etc/gmid/* set filetype=gmid 7 | au BufNewFile,BufRead gmid.conf set filetype=gmid 8 | -------------------------------------------------------------------------------- /site/header.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | TITLE | gmid 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /contrib/vim/indent/gmid.vim: -------------------------------------------------------------------------------- 1 | if exists("b:did_indent") 2 | finish 3 | endif 4 | let b:did_indent = 1 5 | 6 | setlocal indentexpr= 7 | 8 | " cindent actually works for simple file structure 9 | setlocal cindent 10 | " Just make sure that the comments are not reset as defs would be. 11 | setlocal cinkeys-=0# 12 | " And indentation works correctly without semicolons. 13 | setlocal cinoptions=+0 14 | -------------------------------------------------------------------------------- /regress/fuzz/README.md: -------------------------------------------------------------------------------- 1 | # Fuzzying gmid 2 | 3 | Here are some notes on how to fuzz some parts of gmid using afl. 4 | 5 | - run `make -C ../../ clean` beforehand so that we compile all relevant 6 | sources with afl-clang. Then, clean again before rebuilding gmid. 7 | 8 | - run `make fuzz-iri` to fuzz the IRI parser. 9 | 10 | - run `make fuzz-proto` to fuzz the proxy v1 protocol parser. 11 | -------------------------------------------------------------------------------- /contrib/Makefile: -------------------------------------------------------------------------------- 1 | DISTFILES = Makefile \ 2 | Docker.gmid.conf \ 3 | Dockerfile \ 4 | README \ 5 | gencert \ 6 | gmid.service \ 7 | gmid.sysusers \ 8 | mime.types \ 9 | renew-certs 10 | 11 | all: 12 | false 13 | 14 | dist: ${DISTFILES} 15 | mkdir -p ${DESTDIR}/ 16 | ${INSTALL} -m 0644 ${DISTFILES} ${DESTDIR}/ 17 | cd ${DESTDIR} && chmod 755 gencert renew-certs 18 | cp -R vim ${DESTDIR}/vim 19 | 20 | .PHONY: all dist 21 | include ../config.mk 22 | -------------------------------------------------------------------------------- /contrib/gmid.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=The gmid Gemini server 3 | Documentation=https://gmid.omarpolo.com/ 4 | After=network-online.target syslog.target 5 | Wants=network-online.target 6 | 7 | [Service] 8 | Type=simple 9 | ExecStart=/usr/local/bin/gmid -f -c /etc/gmid.conf 10 | ExecStop=/bin/kill -TERM $MAINPID 11 | ExecReload=/bin/kill -HUP $MAINPID 12 | Restart=on-failure 13 | RestartSec=30 14 | StandardOutput=journal 15 | StandardError=inherit 16 | SyslogIdentifier=gmid 17 | 18 | [Install] 19 | WantedBy=multi-user.target 20 | -------------------------------------------------------------------------------- /site/mdoc2html.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # usage: mdoc2html.sh src out 4 | # 5 | # converts the manpage `src' to the HTML file `out', tweaking the 6 | # style 7 | 8 | set -e 9 | 10 | : ${1:?missing input file} 11 | : ${2:?missing output file} 12 | 13 | man -Thtml -l "$1" > "$2" 14 | 15 | exec ed "$2" < 17 | a 18 | body { 19 | max-width: 960px; 20 | margin: 0 auto; 21 | padding: 0 10px; 22 | font-size: 1rem; 23 | } 24 | 25 | pre { 26 | overflow: auto; 27 | } 28 | . 29 | wq 30 | EOF 31 | -------------------------------------------------------------------------------- /compat/libtls/Makefile: -------------------------------------------------------------------------------- 1 | DISTFILES = Makefile \ 2 | asn.c \ 3 | by_mem.c \ 4 | openssl.c \ 5 | tls.c \ 6 | tls.h \ 7 | tls_bio_cb.c \ 8 | tls_client.c \ 9 | tls_config.c \ 10 | tls_conninfo.c \ 11 | tls_internal.h \ 12 | tls_keypair.c \ 13 | tls_ocsp.c \ 14 | tls_peer.c \ 15 | tls_server.c \ 16 | tls_signer.c \ 17 | tls_util.c \ 18 | tls_verify.c 19 | 20 | all: 21 | false 22 | 23 | dist: ${DISTFILES} 24 | mkdir -p ${DESTDIR}/ 25 | ${INSTALL} -m 0644 ${DISTFILES} ${DESTDIR}/ 26 | 27 | .PHONY: all dist 28 | include ../../config.mk 29 | -------------------------------------------------------------------------------- /contrib/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine 2 | WORKDIR /build 3 | RUN apk update && \ 4 | apk upgrade && \ 5 | apk add --repository=https://dl-cdn.alpinelinux.org/alpine/edge/main \ 6 | alpine-sdk \ 7 | linux-headers \ 8 | bison \ 9 | libevent-dev \ 10 | openssl-dev 11 | COPY . . 12 | RUN ./configure && make && make install 13 | RUN adduser -H -S -s /sbin/nologin gmid 14 | RUN mkdir /var/gemini 15 | RUN ./contrib/gencert -e localhost && \ 16 | mv localhost.pem /etc/ssl && \ 17 | mv localhost.key /etc/ssl/private 18 | RUN mv contrib/Docker.gmid.conf /etc/gmid.conf 19 | ENTRYPOINT ["gmid", "-f"] 20 | -------------------------------------------------------------------------------- /regress/fuzz/iri.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include "iri.h" 6 | 7 | int 8 | main(void) 9 | { 10 | struct iri iri; 11 | const char *errstr = NULL; 12 | char buf[64]; 13 | char *line = NULL; 14 | size_t linesize = 0; 15 | ssize_t linelen; 16 | 17 | if ((linelen = getline(&line, &linesize, stdin)) == -1) 18 | return (1); 19 | 20 | if (line[linelen-1] == '\n') 21 | line[--linelen] = '\0'; 22 | 23 | if (parse_iri(line, &iri, &errstr)) { 24 | if (serialize_iri(&iri, buf, sizeof(buf))) 25 | puts(buf); 26 | } 27 | 28 | free(line); 29 | if (ferror(stdin)) { 30 | perror("getline"); 31 | return (1); 32 | } 33 | 34 | return (0); 35 | } 36 | -------------------------------------------------------------------------------- /regress/fill-file.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | /* I need a big file made up of ascii characters. dd if=/dev/zero is 4 | * thus not an option, truncate is not portable. This is some order 5 | * of magnitude faster than the equivalent sh script */ 6 | 7 | int 8 | main(int argc, char **argv) 9 | { 10 | FILE *out; 11 | int i, j; 12 | 13 | if (argc != 2) { 14 | fprintf(stderr, "USAGE: %s \n", *argv); 15 | return 1; 16 | } 17 | 18 | if ((out = fopen(argv[1], "w")) == NULL) { 19 | fprintf(stderr, "cannot open file: %s\n", argv[1]); 20 | return 1; 21 | } 22 | 23 | for (i = 0; i < 1024; ++i) 24 | for (j = 0; j < 1024; ++j) 25 | fprintf(out, "a\n"); 26 | 27 | fclose(out); 28 | return 0; 29 | } 30 | -------------------------------------------------------------------------------- /site/menu.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env perl 2 | 3 | use v5.10; 4 | use strict; 5 | use warnings; 6 | 7 | my $page = shift or die 'missing page'; 8 | my $outtype = shift or die 'missing output type'; 9 | my @pages = (); 10 | 11 | while (<>) { 12 | chomp; 13 | @pages = (@pages, $_); 14 | } 15 | 16 | my $did = 0; 17 | for (@pages) { 18 | my ($href, $text) = m/^([^\s]*)\s*(.*)$/; 19 | 20 | if ($outtype eq 'gemini') { 21 | if ($href ne $page) { 22 | say "=> $href $text"; 23 | } 24 | } else { 25 | if (!$did) { 26 | $did = 1; 27 | } else { 28 | print "| "; 29 | } 30 | 31 | if ($href eq $page) { 32 | print "$text "; 33 | } else { 34 | print "$text "; 35 | } 36 | } 37 | } 38 | 39 | say ""; 40 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | *.pem 3 | TAGS 4 | gmid 5 | gg 6 | gemexp 7 | titan 8 | **/*.[do] 9 | *.swp 10 | docs 11 | y.tab.* 12 | compile_flags.txt 13 | config.h 14 | config.h.old 15 | config.log 16 | config.log.old 17 | config.mk 18 | configure.local 19 | !contrib/gmid 20 | !contrib/vim/ale_linters/gmid 21 | !contrib/vim/syntax_checkers/gmid 22 | regress/testdata 23 | regress/*.pem 24 | regress/*.key 25 | regress/*.crt 26 | regress/*.csr 27 | regress/*.srl 28 | regress/reg.conf 29 | regress/fcgi-test 30 | regress/fcgi.sock 31 | regress/fill-file 32 | regress/iri_test 33 | regress/puny-test 34 | regress/gmid.pid 35 | 36 | regress/fuzz/in 37 | regress/fuzz/iri 38 | regress/fuzz/min 39 | regress/fuzz/out 40 | regress/fuzz/proxy 41 | 42 | site/gemini 43 | site/www 44 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2020, 2021, 2022 Omar Polo 2 | 3 | Permission to use, copy, modify, and distribute this software for any 4 | purpose with or without fee is hereby granted, provided that the above 5 | copyright notice and this permission notice appear in all copies. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | -------------------------------------------------------------------------------- /compat/Makefile: -------------------------------------------------------------------------------- 1 | DISTFILES = Makefile \ 2 | arc4random.c \ 3 | arc4random.h \ 4 | chacha_private.h \ 5 | err.c \ 6 | explicit_bzero.c \ 7 | freezero.c \ 8 | getdtablecount.c \ 9 | getdtablesize.c \ 10 | getentropy.c \ 11 | getprogname.c \ 12 | imsg-buffer.c \ 13 | imsg.c \ 14 | imsg.h \ 15 | memmem.c \ 16 | queue.h \ 17 | reallocarray.c \ 18 | recallocarray.c \ 19 | setproctitle.c \ 20 | setresgid.c \ 21 | setresuid.c \ 22 | strlcat.c \ 23 | strlcpy.c \ 24 | strtonum.c \ 25 | timingsafe_memcmp.c \ 26 | tree.h \ 27 | vasprintf.c \ 28 | vis.c 29 | 30 | all: 31 | false 32 | 33 | dist: ${DISTFILES} 34 | mkdir -p ${DESTDIR}/ 35 | ${INSTALL} -m 0644 ${DISTFILES} ${DESTDIR}/ 36 | mkdir -p ${DESTDIR}/vis 37 | ${INSTALL} -m 0644 vis/vis.h ${DESTDIR}/vis 38 | ${MAKE} -C libtls DESTDIR=${DESTDIR}/libtls dist 39 | 40 | .PHONY: all dist 41 | include ../config.mk 42 | -------------------------------------------------------------------------------- /have/noop.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | int 18 | main(void) 19 | { 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /have/freezero.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | freezero(NULL, 0); 23 | } 24 | -------------------------------------------------------------------------------- /have/libtls.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | return tls_init() != 0; 23 | } 24 | -------------------------------------------------------------------------------- /have/wait_any.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | return WAIT_ANY; 23 | } 24 | -------------------------------------------------------------------------------- /have/arc4random.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | return arc4random(); 23 | } 24 | -------------------------------------------------------------------------------- /have/getdtablesize.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | return getdtablesize() == 0; 23 | } 24 | -------------------------------------------------------------------------------- /have/getprogname.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | return getprogname() == NULL; 23 | } 24 | -------------------------------------------------------------------------------- /have/getdtablecount.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | return getdtablecount() == 0; 23 | } 24 | -------------------------------------------------------------------------------- /contrib/README: -------------------------------------------------------------------------------- 1 | This directory is for additional contributed files which may be 2 | useful. 3 | 4 | Dockerfile 5 | 6 | Sample Dockerfile to build alpine-based gmid images. 7 | 8 | gencert 9 | 10 | Simple shell script to generate self-signed certificates. 11 | 12 | gmid.service 13 | 14 | Simple systemd service file. 15 | 16 | gmid.sysusers 17 | 18 | Sample systemd-sysusers' config file. 19 | 20 | mime.types 21 | 22 | A copy of OpenBSD' /usr/share/misc/mime.types to be included 23 | within a `types' block. 24 | 25 | renew-certs 26 | 27 | Flexible script meant to be run in a cronjob to watch for cert 28 | expiration. It can optionally regen the (self-signed) 29 | certificate in place and restart the server too. 30 | 31 | vim 32 | 33 | Syntax highlighting of gmid configuration for vim, to be 34 | placed into ~/.vim/ or /usr/share/vim/vimfiles/. 35 | 36 | To enable Syntastic checker, put this line in your vimrc: 37 | 38 | let g:syntastic_gmid_checkers = ['gmid'] 39 | -------------------------------------------------------------------------------- /have/libevent.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | #include 20 | 21 | int 22 | main(void) 23 | { 24 | event_init(); 25 | return 0; 26 | } 27 | -------------------------------------------------------------------------------- /have/pr_set_name.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | int 21 | main(void) 22 | { 23 | prctl(PR_SET_NAME, "foo"); 24 | } 25 | -------------------------------------------------------------------------------- /have/X509_LOOKUP_mem.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | int 21 | main(void) 22 | { 23 | return X509_LOOKUP_mem() != NULL; 24 | } 25 | -------------------------------------------------------------------------------- /compat/getdtablesize.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include "../config.h" 18 | 19 | #include 20 | 21 | int 22 | getdtablesize(void) 23 | { 24 | return sysconf(_SC_OPEN_MAX); 25 | } 26 | -------------------------------------------------------------------------------- /have/arc4random_buf.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | char buf[128]; 23 | 24 | arc4random_buf(buf, sizeof(buf)); 25 | return 0; 26 | } 27 | -------------------------------------------------------------------------------- /have/endian_h.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | int 21 | main(void) 22 | { 23 | uint16_t x; 24 | 25 | x = 42; 26 | return (htobe16(x)); 27 | } 28 | -------------------------------------------------------------------------------- /have/ASN1_time_tm_cmp.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | #include 20 | 21 | int 22 | main(void) 23 | { 24 | return ASN1_time_tm_cmp(NULL, NULL); 25 | } 26 | 27 | -------------------------------------------------------------------------------- /have/ASN1_time_parse.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | #include 20 | 21 | int 22 | main(void) 23 | { 24 | return ASN1_time_parse("", 0, NULL, 0); 25 | } 26 | 27 | -------------------------------------------------------------------------------- /have/SSL_CTX_load_verify_mem.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | int 21 | main(void) 22 | { 23 | return SSL_CTX_load_verify_mem(NULL, NULL, 0); 24 | } 25 | -------------------------------------------------------------------------------- /have/err.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | warnx("%d. warnx", 1); 23 | warn("%d. warn", 2); 24 | err(0, "%d. err", 3); 25 | return 1; 26 | } 27 | -------------------------------------------------------------------------------- /have/getentropy.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | int 21 | main(void) 22 | { 23 | char buf[1024]; 24 | 25 | return getentropy(buf, sizeof(buf)); 26 | } 27 | -------------------------------------------------------------------------------- /have/sys_endian_h.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | int 21 | main(void) 22 | { 23 | uint16_t x; 24 | 25 | x = 42; 26 | return (htobe16(x)); 27 | } 28 | -------------------------------------------------------------------------------- /have/strnvis.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | int 21 | main(void) 22 | { 23 | char buf[128]; 24 | 25 | return strnvis(buf, "Hello, world!\n", sizeof(buf), 0); 26 | } 27 | -------------------------------------------------------------------------------- /contrib/vim/syntax_checkers/gmid/gmid.vim: -------------------------------------------------------------------------------- 1 | " Syntax checking plugin for syntastic 2 | " Language: gmid(1) configuration file 3 | " Licence: ISC 4 | 5 | if exists('g:loaded_syntastic_gmid_gmid_checker') 6 | finish 7 | endif 8 | let g:loaded_syntastic_gmid_gmid_checker = 1 9 | 10 | let s:save_cpo = &cpo 11 | set cpo&vim 12 | 13 | function! SyntaxCheckers_gmid_gmid_GetLocList() dict 14 | let makeprg = self.makeprgBuild({ 'args': '-nc' }) 15 | 16 | let errorformat = 17 | \ '%-Gconfig OK,' . 18 | \ '%f:%l %tarning: %m,' . 19 | \ '%f:%l %trror: %m' 20 | 21 | return SyntasticMake({ 22 | \ 'makeprg': makeprg, 23 | \ 'errorformat': errorformat, 24 | \ 'defaults': {'type': 'E'}, 25 | \ 'returns': [0, 1] }) 26 | endfunction 27 | 28 | call g:SyntasticRegistry.CreateAndRegisterChecker({ 29 | \ 'filetype': 'gmid', 30 | \ 'name': 'gmid', 31 | \ 'exec': 'gmid'}) 32 | 33 | let &cpo = s:save_cpo 34 | unlet s:save_cpo 35 | 36 | " vim: set sw=4 sts=4 et fdm=marker: 37 | -------------------------------------------------------------------------------- /have/timingsafe_memcmp.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | const char *a = "foo"; 23 | const char *b = "bar"; 24 | 25 | return timingsafe_memcmp(a, b, 3); 26 | } 27 | -------------------------------------------------------------------------------- /have/SSL_CTX_use_certificate_chain_mem.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | int 21 | main(void) 22 | { 23 | return SSL_CTX_use_certificate_chain_mem(NULL, NULL, 0); 24 | } 25 | -------------------------------------------------------------------------------- /have/strlcpy.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | char buf[2] = ""; 23 | return ! (strlcpy(buf, "a", sizeof(buf)) == 1 && 24 | buf[0] == 'a' && buf[1] == '\0'); 25 | } 26 | -------------------------------------------------------------------------------- /regress/fuzz/proxy.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include "gmid.h" 6 | 7 | int 8 | main(void) 9 | { 10 | struct proxy_protocol_v1 pp1; 11 | char buf[1024]; 12 | char *line = NULL; 13 | size_t consumed, linesize = 0; 14 | ssize_t linelen; 15 | 16 | memset(&pp1, 0, sizeof(pp1)); 17 | memset(buf, 0, sizeof(buf)); 18 | 19 | if ((linelen = getline(&line, &linesize, stdin)) == -1) 20 | return (1); 21 | 22 | if (proxy_proto_v1_parse(&pp1, line, linelen, &consumed) != -1) { 23 | switch (pp1.proto) { 24 | case PROTO_V4: 25 | inet_ntop(AF_INET, &pp1.srcaddr.v4, buf, sizeof(buf)); 26 | break; 27 | case PROTO_V6: 28 | inet_ntop(AF_INET6, &pp1.srcaddr.v6, buf, sizeof(buf)); 29 | break; 30 | case PROTO_UNKNOWN: 31 | strlcpy(buf, "UNKNOWN", sizeof(buf)); 32 | break; 33 | default: 34 | abort(); 35 | } 36 | puts(buf); 37 | } 38 | 39 | free(line); 40 | if (ferror(stdin)) { 41 | perror("getline"); 42 | return (1); 43 | } 44 | 45 | return (0); 46 | } 47 | -------------------------------------------------------------------------------- /have/openssl.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | X509 *x509; 23 | 24 | if ((x509 = X509_new()) == NULL) 25 | return 1; 26 | X509_free(x509); 27 | return 0; 28 | } 29 | -------------------------------------------------------------------------------- /regress/max-length-reply: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | printf '20 iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii\r\n' 4 | -------------------------------------------------------------------------------- /have/strlcat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | char buf[3] = "a"; 23 | return ! (strlcat(buf, "b", sizeof(buf)) == 2 && 24 | buf[0] == 'a' && buf[1] == 'b' && buf[2] == '\0'); 25 | } 26 | -------------------------------------------------------------------------------- /compat/getdtablecount.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | /* XXX: on linux it's possible to glob("/proc/$pid/fd/ *") to know the 18 | * dtablecount. */ 19 | 20 | #include "../config.h" 21 | 22 | int 23 | getdtablecount(void) 24 | { 25 | return 0; 26 | } 27 | -------------------------------------------------------------------------------- /have/strtonum.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | const char *str = "42", *errstr; 23 | int res; 24 | 25 | res = strtonum(str, 1, 64, &errstr); 26 | return res != 42 || errstr != NULL; 27 | } 28 | -------------------------------------------------------------------------------- /have/machine_endian.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | 21 | int 22 | main(void) 23 | { 24 | uint16_t x; 25 | 26 | x = 42; 27 | return (OSSwapHostToBigInt16(x)); 28 | } 29 | -------------------------------------------------------------------------------- /have/program_invocation_short_name.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | extern char *program_invocation_short_name; 21 | 22 | int 23 | main(void) 24 | { 25 | return program_invocation_short_name == NULL; 26 | } 27 | -------------------------------------------------------------------------------- /compat/freezero.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include "../config.h" 18 | 19 | #include 20 | #include 21 | 22 | void 23 | freezero(void *ptr, size_t len) 24 | { 25 | if (ptr == NULL) 26 | return; 27 | 28 | memset(ptr, 0, len); 29 | free(ptr); 30 | } 31 | -------------------------------------------------------------------------------- /have/ASN1_time_tm_clamp_notafter.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | #include 20 | 21 | struct tm; 22 | 23 | int ASN1_time_tm_clamp_notafter(struct tm *tm); 24 | 25 | int 26 | main(void) 27 | { 28 | return ASN1_time_tm_clamp_notafter(NULL); 29 | } 30 | -------------------------------------------------------------------------------- /have/memmem.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2022 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | int 20 | main(void) 21 | { 22 | char big[33], little[2]; 23 | 24 | memset(big, 0, sizeof(big)); 25 | memset(little, 0, sizeof(little)); 26 | return (memmem(big, sizeof(big), little, sizeof(little)) == NULL); 27 | } 28 | -------------------------------------------------------------------------------- /.github/workflows/alpine-release.yml: -------------------------------------------------------------------------------- 1 | name: release docker image 2 | on: 3 | push: 4 | tags: 5 | - '*' 6 | branches: 7 | - master 8 | env: 9 | IMAGE_NAME: "gmid" 10 | jobs: 11 | build: 12 | permissions: write-all 13 | runs-on: ubuntu-latest 14 | steps: 15 | - uses: actions/checkout@v1 16 | 17 | - name: build the image 18 | run: docker build -f contrib/Dockerfile -t gmid:alpine . 19 | 20 | - name: login to ghcr.io 21 | uses: docker/login-action@v2 22 | with: 23 | registry: ghcr.io 24 | username: ${{ github.actor }} 25 | password: ${{ secrets.GITHUB_TOKEN }} 26 | 27 | - name: push the image 28 | run: | 29 | IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME 30 | IMAGE_ID=$(echo $IMAGE_ID | tr A-Z a-z) 31 | # strip git ref prefix from version 32 | VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') 33 | echo IMAGE_ID=$IMAGE_ID 34 | echo VERSION=$VERSION 35 | docker tag gmid:alpine $IMAGE_ID:$VERSION 36 | docker push $IMAGE_ID:$VERSION 37 | -------------------------------------------------------------------------------- /have/setproctitle.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | /* 18 | * FreeBSD has setproctitle in a different header than OpenBSD. 19 | */ 20 | 21 | #include 22 | 23 | #include 24 | #include 25 | 26 | int 27 | main(void) 28 | { 29 | setproctitle("%s", "frobnicator"); 30 | } 31 | -------------------------------------------------------------------------------- /contrib/vim/ale_linters/gmid/gmid.vim: -------------------------------------------------------------------------------- 1 | " Linter for ALE 2 | " Language: gmid(1) configuration file 3 | " Licence: ISC 4 | 5 | call ale#Set('gmid_executable', 'gmid') 6 | 7 | function! ale_linters#gmid#gmid#Handle(buffer, lines) abort 8 | let l:output = [] 9 | let l:gmid_type_to_ale_type = { 10 | \ 'error': 'E', 11 | \ 'warning': 'W', 12 | \} 13 | 14 | let l:pattern = '\v^(.*):(\d*) ([a-z]+): (.*)$' 15 | for l:match in ale#util#GetMatches(a:lines, l:pattern) 16 | call add(l:output, { 17 | \ 'filename': l:match[1], 18 | \ 'lnum': l:match[2], 19 | \ 'type': get(l:gmid_type_to_ale_type, l:match[3], 'E'), 20 | \ 'text': l:match[4], 21 | \}) 22 | endfor 23 | 24 | return l:output 25 | endfunction 26 | 27 | call ale#linter#Define('gmid', { 28 | \ 'name': 'gmid', 29 | \ 'executable': {buffer -> ale#Var(buffer, 'gmid_executable')}, 30 | \ 'command': '%e -nc %s', 31 | \ 'output_stream': 'both', 32 | \ 'lint_file': 1, 33 | \ 'callback': 'ale_linters#gmid#gmid#Handle', 34 | \}) 35 | 36 | " vim: set sw=4 sts=4 et fdm=marker: 37 | -------------------------------------------------------------------------------- /have/queue_h.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | #include 20 | 21 | TAILQ_HEAD(tailhead, entry) head; 22 | struct entry { 23 | TAILQ_ENTRY(entry) entries; 24 | } *np, *nt; 25 | 26 | int 27 | main(void) 28 | { 29 | TAILQ_INIT(&head); 30 | TAILQ_FOREACH_SAFE(np, &head, entries, nt) { 31 | /* nop */; 32 | } 33 | 34 | return 0; 35 | } 36 | -------------------------------------------------------------------------------- /have/Makefile: -------------------------------------------------------------------------------- 1 | DISTFILES = ASN1_time_parse.c \ 2 | ASN1_time_tm_clamp_notafter.c \ 3 | ASN1_time_tm_cmp.c \ 4 | Makefile \ 5 | SSL_CTX_load_verify_mem.c \ 6 | SSL_CTX_use_certificate_chain_mem.c \ 7 | X509_LOOKUP_mem.c \ 8 | __progname.c \ 9 | arc4random.c \ 10 | arc4random_buf.c \ 11 | endian_h.c \ 12 | err.c \ 13 | explicit_bzero.c \ 14 | freezero.c \ 15 | getdtablecount.c \ 16 | getdtablesize.c \ 17 | getentropy.c \ 18 | getprogname.c \ 19 | imsg.c \ 20 | landlock.c \ 21 | libevent.c \ 22 | libevent2.c \ 23 | libtls.c \ 24 | machine_endian.c \ 25 | memmem.c \ 26 | noop.c \ 27 | openssl.c \ 28 | pr_set_name.c \ 29 | program_invocation_short_name.c \ 30 | queue_h.c \ 31 | reallocarray.c \ 32 | recallocarray.c \ 33 | setproctitle.c \ 34 | setresgid.c \ 35 | setresuid.c \ 36 | strlcat.c \ 37 | strlcpy.c \ 38 | strnvis.c \ 39 | strtonum.c \ 40 | sys_endian_h.c \ 41 | timingsafe_memcmp.c \ 42 | tree_h.c \ 43 | vasprintf.c \ 44 | wait_any.c 45 | 46 | all: 47 | false 48 | 49 | dist: ${DISTFILES} 50 | mkdir -p ${DESTDIR}/ 51 | ${INSTALL} -m 0644 ${DISTFILES} ${DESTDIR}/ 52 | 53 | .PHONY: all dist 54 | include ../config.mk 55 | -------------------------------------------------------------------------------- /have/imsg.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | int 24 | main(void) 25 | { 26 | struct imsgbuf imsgbuf; 27 | struct imsg imsg; 28 | 29 | if (imsgbuf_init(&imsgbuf, -1) == -1) 30 | return 1; 31 | imsgbuf_allow_fdpass(&imsgbuf); 32 | return imsg_get_fd(&imsg); 33 | } 34 | -------------------------------------------------------------------------------- /iri.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | struct iri { 18 | char *schema; 19 | char *host; 20 | char *port; 21 | uint16_t port_no; 22 | char *path; 23 | char *query; 24 | char *fragment; 25 | }; 26 | 27 | int parse_iri(char*, struct iri*, const char**); 28 | int serialize_iri(struct iri*, char*, size_t); 29 | int encode_path(char *, size_t, const char *); 30 | char *pct_decode_str(char *); 31 | -------------------------------------------------------------------------------- /compat/setresgid.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2004, 2005 Darren Tucker (dtucker at zip com au). 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include "../config.h" 18 | 19 | #include 20 | #include 21 | 22 | int 23 | setresgid(gid_t rgid, gid_t egid, gid_t sgid) 24 | { 25 | /* this is the only configuration tested */ 26 | 27 | if (rgid != egid || egid != sgid) 28 | return -1; 29 | 30 | if (setregid(rgid, egid) == -1) 31 | return -1; 32 | 33 | return 0; 34 | } 35 | -------------------------------------------------------------------------------- /have/tree_h.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | #include 20 | 21 | struct tree { 22 | int i; 23 | SPLAY_ENTRY(tree) entry; 24 | }; 25 | SPLAY_HEAD(tree_id, tree); 26 | 27 | static int 28 | tree_cmp(struct tree *a, struct tree *b) 29 | { 30 | if (a->i == b->i) 31 | return 0; 32 | else if (a->i < b->i) 33 | return -1; 34 | else 35 | return +1; 36 | } 37 | 38 | SPLAY_PROTOTYPE(tree_id, tree, entry, tree_cmp); 39 | SPLAY_GENERATE(tree_id, tree, entry, tree_cmp); 40 | 41 | int 42 | main(void) 43 | { 44 | return 0; 45 | } 46 | -------------------------------------------------------------------------------- /have/vasprintf.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | 21 | static int testfn(char **, const char*, ...); 22 | 23 | static int 24 | testfn(char **ret, const char *fmt, ...) 25 | { 26 | va_list ap; 27 | int irc; 28 | 29 | va_start(ap, fmt); 30 | irc = vasprintf(ret, fmt, ap); 31 | va_end(ap); 32 | 33 | return irc; 34 | } 35 | 36 | int 37 | main(void) 38 | { 39 | char *ret; 40 | 41 | if (testfn(&ret, "%s.", "Text") != 5) 42 | return 1; 43 | if (strcmp(ret, "Text.")) 44 | return 2; 45 | return 0; 46 | } 47 | -------------------------------------------------------------------------------- /compat/getprogname.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include "../config.h" 18 | 19 | #if HAVE___PROGNAME 20 | 21 | #include 22 | 23 | extern char *__progname; 24 | 25 | const char * 26 | getprogname(void) 27 | { 28 | return __progname; 29 | } 30 | 31 | #elif HAVE_PROGRAM_INVOCATION_SHORT_NAME 32 | 33 | #include 34 | 35 | extern char *program_invocation_short_name; 36 | 37 | const char * 38 | getprogname(void) 39 | { 40 | return program_invocation_short_name; 41 | } 42 | 43 | #else 44 | # warning Found no way to get the program name, will use "gmid" for all utilities. 45 | const char * 46 | getprogname(void) 47 | { 48 | return "gmid"; 49 | } 50 | 51 | #endif 52 | -------------------------------------------------------------------------------- /site/subst: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env perl 2 | # 3 | # Copyright (c) 2022 Omar Polo 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | # 17 | # subst -- filter that replaces key=values pairs 18 | # 19 | # usage: subst key1=val1 [... keyn=valn] [files...] 20 | # 21 | # Use `--' before the first file if it may contain an = in its name. 22 | # If no files are given, read and substitute from standard input. 23 | 24 | use v5.10; 25 | use strict; 26 | use warnings; 27 | 28 | my @args = (); 29 | 30 | while (1) { 31 | $_ = shift; 32 | last if !$_; 33 | 34 | if ($_ eq '--') { 35 | last; 36 | } elsif ($_ !~ m/=/) { 37 | unshift @ARGV, $_; 38 | last; 39 | } 40 | 41 | my ($match, $repl) = m/^([^\s]*)=(.*)$/; 42 | push @args, "-e", "s,$match,$repl,g"; 43 | } 44 | 45 | # OK, shelling out to sed is a bit lame... 46 | exec "sed", @args, @ARGV; 47 | -------------------------------------------------------------------------------- /compat/reallocarray.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: reallocarray.c,v 1.3 2015/09/13 08:31:47 guenther Exp $ */ 2 | /* 3 | * Copyright (c) 2008 Otto Moerbeek 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include "../config.h" 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | 25 | /* 26 | * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX 27 | * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW 28 | */ 29 | #define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) 30 | 31 | void * 32 | reallocarray(void *optr, size_t nmemb, size_t size) 33 | { 34 | if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && 35 | nmemb > 0 && SIZE_MAX / nmemb < size) { 36 | errno = ENOMEM; 37 | return NULL; 38 | } 39 | return realloc(optr, size * nmemb); 40 | } 41 | -------------------------------------------------------------------------------- /have/landlock.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | 22 | #include 23 | 24 | #ifndef landlock_create_ruleset 25 | static inline int 26 | landlock_create_ruleset(const struct landlock_ruleset_attr *attr, size_t size, 27 | __u32 flags) 28 | { 29 | return syscall(__NR_landlock_create_ruleset, attr, size, flags); 30 | } 31 | #endif 32 | 33 | int 34 | main(void) 35 | { 36 | int rfd; 37 | const struct landlock_ruleset_attr rsattr = { 38 | .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE | 39 | LANDLOCK_ACCESS_FS_READ_DIR 40 | }; 41 | 42 | rfd = landlock_create_ruleset(&rsattr, sizeof(rsattr), 0); 43 | return rfd == -1; 44 | } 45 | -------------------------------------------------------------------------------- /.cirrus.yml: -------------------------------------------------------------------------------- 1 | # seems that inside the CI it's not currently possible to bind to ::1 2 | # so set HAVE_IPV6=no. 3 | 4 | linux_amd64_task: 5 | container: 6 | image: alpine:latest 7 | test_script: 8 | - apk add alpine-sdk linux-headers bison libretls-dev libevent-dev 9 | - ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations' -Werror 10 | - make 11 | - make regress REGRESS_HOST="*" HAVE_IPV6=no 12 | 13 | linux_arm_task: 14 | arm_container: 15 | image: alpine:latest 16 | test_script: 17 | - apk add alpine-sdk linux-headers bison libretls-dev libevent-dev 18 | - ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations' -Werror 19 | - make 20 | - make regress REGRESS_HOST="*" HAVE_IPV6=no 21 | 22 | freebsd_14_task: 23 | freebsd_instance: 24 | image_family: freebsd-14-2 25 | install_script: pkg install -y libevent libressl pkgconf 26 | script: 27 | - ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations' -Werror 28 | - make 29 | - make regress HAVE_IPV6=no 30 | 31 | # 32 | # There are some issues with imsg fd passing on macos at the moment that 33 | # seem to be triggered only in applications that do a heavy use of them, 34 | # like gmid or opensmtpd. Still, keep macos to ensure gmid builds here. 35 | # 36 | mac_task: 37 | macos_instance: 38 | image: ghcr.io/cirruslabs/macos-sonoma-xcode:latest 39 | test_script: 40 | - brew install libevent openssl libretls 41 | - PKG_CONFIG_PATH="$(brew --prefix openssl)/lib/pkgconfig" ./configure CFLAGS='-O2 -pipe -Wno-deprecated-declarations' -Werror 42 | - make 43 | - SKIP_RUNTIME_TESTS=1 make regress 44 | -------------------------------------------------------------------------------- /compat/setproctitle.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2016 Nicholas Marriott 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER 13 | * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 14 | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include "../config.h" 18 | 19 | #include 20 | 21 | #include 22 | #include 23 | #include 24 | 25 | #if HAVE_PR_SET_NAME 26 | 27 | #include 28 | 29 | void 30 | setproctitle(const char *fmt, ...) 31 | { 32 | char title[16], name[16], *cp; 33 | va_list ap; 34 | int used; 35 | 36 | va_start(ap, fmt); 37 | vsnprintf(title, sizeof title, fmt, ap); 38 | va_end(ap); 39 | 40 | used = snprintf(name, sizeof name, "%s: %s", getprogname(), title); 41 | if (used >= (int)sizeof name) { 42 | cp = strrchr(name, ' '); 43 | if (cp != NULL) 44 | *cp = '\0'; 45 | } 46 | prctl(PR_SET_NAME, name); 47 | } 48 | #else 49 | void 50 | setproctitle(const char *fmt, ...) 51 | { 52 | (void)fmt; 53 | } 54 | #endif 55 | -------------------------------------------------------------------------------- /compat/vasprintf.c: -------------------------------------------------------------------------------- 1 | /* from mandoc, with tweaks */ 2 | /* 3 | * Copyright (c) 2015 Ingo Schwarze 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | * 17 | * This fallback implementation is not efficient: 18 | * It does the formatting twice. 19 | * Short of fiddling with the unknown internals of the system's 20 | * printf(3) or completely reimplementing printf(3), i can't think 21 | * of another portable solution. 22 | */ 23 | 24 | #include "../config.h" 25 | 26 | #include 27 | #include 28 | #include 29 | 30 | int 31 | vasprintf(char **ret, const char *format, va_list ap) 32 | { 33 | char buf[2]; 34 | va_list ap2; 35 | int sz; 36 | 37 | va_copy(ap2, ap); 38 | sz = vsnprintf(buf, sizeof(buf), format, ap2); 39 | va_end(ap2); 40 | 41 | if (sz != -1 && (*ret = malloc(sz + 1)) != NULL) { 42 | if (vsnprintf(*ret, sz + 1, format, ap) == sz) 43 | return sz; 44 | free(*ret); 45 | } 46 | *ret = NULL; 47 | return -1; 48 | } 49 | -------------------------------------------------------------------------------- /have/libevent2.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | 28 | static void 29 | rw_cb(struct bufferevent *bev, void *d) 30 | { 31 | return; 32 | } 33 | 34 | static void 35 | err_cb(struct bufferevent *bev, short err, void *d) 36 | { 37 | return; 38 | } 39 | 40 | int 41 | main(void) 42 | { 43 | struct bufferevent *bev; 44 | 45 | event_init(); 46 | 47 | if ((bev = bufferevent_new(0, rw_cb, rw_cb, err_cb, NULL)) == NULL) 48 | return 1; 49 | 50 | evbuffer_unfreeze(bev->input, 0); 51 | evbuffer_unfreeze(bev->output, 1); 52 | 53 | bufferevent_free(bev); 54 | 55 | return 0; 56 | } 57 | -------------------------------------------------------------------------------- /regress/fuzz/Makefile: -------------------------------------------------------------------------------- 1 | DISTFILES = Makefile \ 2 | iri.c 3 | 4 | include ../../config.mk 5 | 6 | CC = afl-clang 7 | 8 | COBJS = ${COMPATS:.c=.o} 9 | REG_COMPATS = ${COBJS:%=../../%} 10 | 11 | IRI_SRCS = iri.c ../../iri.c ../../utf8.c ../../log.c 12 | IRI_OBJS = ${IRI_SRCS:.c=.o} ${REG_COMPATS} 13 | 14 | PROXY_SRCS = proxy.c ../../proxy-proto.c ../../log.c 15 | PROXY_OBJS = ${PROXY_SRCS:.c=.o} ${REG_COMPATS} 16 | 17 | .PHONY: all data clean dist 18 | 19 | all: 20 | @echo run ${MAKE} fuzz-iri to fuzz the IRI parser 21 | @echo run ${MAKE} fuzz-proxy to fuzz the proxy v1 protocol parser 22 | 23 | fuzz-iri: iri 24 | rm -rf in out 25 | mkdir -p in out 26 | echo 'gemini://omarpolo.com/' > in/simple 27 | echo 'https://op:123@omarpolo.com/' > in/auth 28 | echo 'ftp://op@omarpolo.com/a/bb/c' > in/path 29 | echo 'gemini://omarpolo.com/?some=val' > in/query 30 | echo 'gemini://omarpolo.com/b/#xyz' > in/fragment 31 | echo 'gemini://omarpolo.com/b/?x=y#xyz' > in/qf 32 | echo 'ssh://omarpolo.com/%2F/' > in/enc 33 | echo 'http://omarpolo.com/foo/.././' > in/dots 34 | echo 'http://omarpolo.com/////././' > in/slash 35 | afl-fuzz -i in -o out -- ./iri 36 | 37 | fuzz-proxy: proxy 38 | rm -rf in out 39 | mkdir -p in out 40 | printf 'PROXY TCP4 255.255.255.255 255.255.255.255 65535 65535\r\n' >in/ipv4 41 | printf 'PROXY TCP6 fe80::1 fd4b:b287:5c6f:1f4::2 65535 65535\r\n' >in/ipv6 42 | printf 'PROXY UNKNOWN\r\n' > in/unknown 43 | afl-fuzz -i in -o out -- ./proxy 44 | 45 | iri: ${IRI_OBJS} 46 | ${CC} ${IRI_OBJS} -o $@ ${LIBS} ${LDFLAGS} 47 | 48 | proxy: ${PROXY_OBJS} 49 | ${CC} ${PROXY_OBJS} -o $@ ${LIBS} ${LDFLAGS} 50 | 51 | .c.o: 52 | ${CC} -I../.. ${CFLAGS} -c $< -o $@ 53 | 54 | clean: 55 | rm -f *.o iri 56 | -------------------------------------------------------------------------------- /compat/strlcpy.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1998, 2015 Todd C. Miller 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include "../config.h" 18 | 19 | #include 20 | #include 21 | 22 | /* 23 | * Copy string src to buffer dst of size dsize. At most dsize-1 24 | * chars will be copied. Always NUL terminates (unless dsize == 0). 25 | * Returns strlen(src); if retval >= dsize, truncation occurred. 26 | */ 27 | size_t 28 | strlcpy(char *dst, const char *src, size_t dsize) 29 | { 30 | const char *osrc = src; 31 | size_t nleft = dsize; 32 | 33 | /* Copy as many bytes as will fit. */ 34 | if (nleft != 0) { 35 | while (--nleft != 0) { 36 | if ((*dst++ = *src++) == '\0') 37 | break; 38 | } 39 | } 40 | 41 | /* Not enough room in dst, add NUL and traverse rest of src. */ 42 | if (nleft == 0) { 43 | if (dsize != 0) 44 | *dst = '\0'; /* NUL-terminate dst */ 45 | while (*src++) 46 | ; 47 | } 48 | 49 | return(src - osrc - 1); /* count does not include NUL */ 50 | } 51 | -------------------------------------------------------------------------------- /compat/timingsafe_memcmp.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: timingsafe_memcmp.c,v 1.2 2015/08/31 02:53:57 guenther Exp $ */ 2 | /* 3 | * Copyright (c) 2014 Google Inc. 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include "../config.h" 19 | 20 | #include 21 | #include 22 | 23 | int 24 | timingsafe_memcmp(const void *b1, const void *b2, size_t len) 25 | { 26 | const unsigned char *p1 = b1, *p2 = b2; 27 | size_t i; 28 | int res = 0, done = 0; 29 | 30 | for (i = 0; i < len; i++) { 31 | /* lt is -1 if p1[i] < p2[i]; else 0. */ 32 | int lt = (p1[i] - p2[i]) >> CHAR_BIT; 33 | 34 | /* gt is -1 if p1[i] > p2[i]; else 0. */ 35 | int gt = (p2[i] - p1[i]) >> CHAR_BIT; 36 | 37 | /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */ 38 | int cmp = lt - gt; 39 | 40 | /* set res = cmp if !done. */ 41 | res |= cmp & ~done; 42 | 43 | /* set done if p1[i] != p2[i]. */ 44 | done |= lt | gt; 45 | } 46 | 47 | return (res); 48 | } 49 | -------------------------------------------------------------------------------- /compat/setresuid.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2004, 2005 Darren Tucker (dtucker at zip com au). 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include "../config.h" 18 | 19 | #include 20 | 21 | #include 22 | #include 23 | 24 | int 25 | setresuid(uid_t ruid, uid_t euid, uid_t suid) 26 | { 27 | uid_t ouid; 28 | int ret = -1; 29 | 30 | /* Allow only the tested configuration. */ 31 | 32 | if (ruid != euid || euid != suid) { 33 | errno = ENOSYS; 34 | return -1; 35 | } 36 | ouid = getuid(); 37 | 38 | if ((ret = setreuid(euid, euid)) == -1) 39 | return -1; 40 | 41 | /* 42 | * When real, effective and saved uids are the same and we have 43 | * changed uids, sanity check that we cannot restore the old uid. 44 | */ 45 | 46 | if (ruid == euid && euid == suid && ouid != ruid && 47 | setuid(ouid) != -1 && seteuid(ouid) != -1) { 48 | errno = EINVAL; 49 | return -1; 50 | } 51 | 52 | /* 53 | * Finally, check that the real and effective uids are what we 54 | * expect. 55 | */ 56 | if (getuid() != ruid || geteuid() != euid) { 57 | errno = EACCES; 58 | return -1; 59 | } 60 | 61 | return ret; 62 | } 63 | -------------------------------------------------------------------------------- /log.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: log.h,v 1.2 2021/12/13 18:28:40 deraadt Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2003, 2004 Henning Brauer 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | */ 18 | 19 | #ifndef LOG_H 20 | #define LOG_H 21 | 22 | #include 23 | 24 | void log_init(int, int); 25 | void log_procinit(const char *); 26 | void log_setverbose(int); 27 | int log_getverbose(void); 28 | void log_warn(const char *, ...) 29 | __attribute__((__format__ (printf, 1, 2))); 30 | void log_warnx(const char *, ...) 31 | __attribute__((__format__ (printf, 1, 2))); 32 | void log_info(const char *, ...) 33 | __attribute__((__format__ (printf, 1, 2))); 34 | void log_debug(const char *, ...) 35 | __attribute__((__format__ (printf, 1, 2))); 36 | void logit(int, const char *, ...) 37 | __attribute__((__format__ (printf, 2, 3))); 38 | void vlog(int, const char *, va_list) 39 | __attribute__((__format__ (printf, 2, 0))); 40 | __dead void fatal(const char *, ...) 41 | __attribute__((__format__ (printf, 1, 2))); 42 | __dead void fatalx(const char *, ...) 43 | __attribute__((__format__ (printf, 1, 2))); 44 | 45 | #endif /* LOG_H */ 46 | -------------------------------------------------------------------------------- /compat/strlcat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1998, 2015 Todd C. Miller 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include "../config.h" 18 | 19 | #include 20 | #include 21 | 22 | /* 23 | * Appends src to string dst of size dsize (unlike strncat, dsize is the 24 | * full size of dst, not space left). At most dsize-1 characters 25 | * will be copied. Always NUL terminates (unless dsize <= strlen(dst)). 26 | * Returns strlen(src) + MIN(dsize, strlen(initial dst)). 27 | * If retval >= dsize, truncation occurred. 28 | */ 29 | size_t 30 | strlcat(char *dst, const char *src, size_t dsize) 31 | { 32 | const char *odst = dst; 33 | const char *osrc = src; 34 | size_t n = dsize; 35 | size_t dlen; 36 | 37 | /* Find the end of dst and adjust bytes left but don't go past end. */ 38 | while (n-- != 0 && *dst != '\0') 39 | dst++; 40 | dlen = dst - odst; 41 | n = dsize - dlen; 42 | 43 | if (n-- == 0) 44 | return(dlen + strlen(src)); 45 | while (*src != '\0') { 46 | if (n != 0) { 47 | *dst++ = *src; 48 | n--; 49 | } 50 | src++; 51 | } 52 | *dst = '\0'; 53 | 54 | return(dlen + (src - osrc)); /* count does not include NUL */ 55 | } 56 | -------------------------------------------------------------------------------- /regress/env: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | printf "20 text/plain; lang=en\r\n" 6 | 7 | cat < means "not set". 21 | 22 | EOF 23 | 24 | echo GATEWAY_INTERFACE=$GATEWAY_INTERFACE 25 | echo GEMINI_DOCUMENT_ROOT=$GEMINI_DOCUMENT_ROOT 26 | echo GEMINI_SCRIPT_FILENAME=$GEMINI_SCRIPT_FILENAME 27 | echo GEMINI_URL=$GEMINI_URL 28 | echo GEMINI_URL_PATH=$GEMINI_URL_PATH 29 | echo PWD=$PWD 30 | echo PATH_INFO=${PATH_INFO:-""} 31 | echo PATH_TRANSLATED=${PATH_TRANSLATED:-""} 32 | echo QUERY_STRING=$QUERY_STRING 33 | echo REMOTE_ADDR=$REMOTE_ADDR 34 | echo REMOTE_HOST=$REMOTE_HOST 35 | echo REQUEST_METHOD=$REQUEST_METHOD 36 | echo SCRIPT_NAME=$SCRIPT_NAME 37 | echo SERVER_NAME=$SERVER_NAME 38 | echo SERVER_PORT=$SERVER_PORT 39 | echo SERVER_PROTOCOL=$SERVER_PROTOCOL 40 | echo SERVER_SOFTWARE=$SERVER_SOFTWARE 41 | echo AUTH_TYPE=$AUTH_TYPE 42 | echo REMOTE_USER=$REMOTE_USER 43 | echo TLS_CLIENT_ISSUER=$TLS_CLIENT_ISSUER 44 | echo TLS_CLIENT_HASH=$TLS_CLIENT_HASH 45 | echo TLS_CLIENT_NOT_AFTER=$TLS_CLIENT_NOT_AFTER 46 | echo TLS_CLIENT_NOT_BEFORE=$TLS_CLIENT_NOT_BEFORE 47 | echo 48 | echo 49 | echo " CGI Argument List" 50 | echo 51 | echo "- $0" 52 | for i in "$@"; do 53 | echo "- $i" 54 | done 55 | 56 | cat < "; 33 | } 34 | 35 | blockquote p { 36 | font-style: italic; 37 | display: inline; 38 | } 39 | 40 | p.link::before { 41 | content: "→ "; 42 | } 43 | 44 | strong::before { content: "*" } 45 | strong::after { content: "*" } 46 | 47 | hr { 48 | border: 0; 49 | height: 1px; 50 | background-color: #222; 51 | width: 100%; 52 | display: block; 53 | margin: 2em auto; 54 | } 55 | 56 | ul.link-list { 57 | list-style: disclosure-closed; 58 | } 59 | 60 | img { 61 | border-radius: 5px; 62 | } 63 | 64 | pre { 65 | overflow: auto; 66 | padding: 1rem; 67 | background-color: #f0f0f0; 68 | border-radius: 3px; 69 | } 70 | 71 | pre.banner { 72 | display: flex; 73 | flex-direction: row; 74 | justify-content: center; 75 | } 76 | 77 | code, kbd { 78 | color: #9d109d; 79 | } 80 | 81 | img { 82 | display: block; 83 | margin: 0 auto; 84 | max-width: 100%; 85 | } 86 | 87 | @media (prefers-color-scheme: dark) { 88 | body { 89 | background-color: #222; 90 | color: white; 91 | } 92 | 93 | a { 94 | color: aqua; 95 | } 96 | 97 | hr { 98 | background-color: #ddd; 99 | } 100 | 101 | pre { 102 | background-color: #353535; 103 | } 104 | 105 | code, kbd { 106 | color: #ff4cff; 107 | } 108 | } 109 | 110 | @media (max-width: 400px) { 111 | pre.banner { font-size: 9px; } 112 | } 113 | 114 | @media (max-width: 500px) { 115 | pre.banner { font-size: 10px; } 116 | } 117 | -------------------------------------------------------------------------------- /compat/strtonum.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2004 Ted Unangst and Todd Miller 3 | * All rights reserved. 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include "../config.h" 19 | 20 | #include 21 | #include 22 | #include 23 | 24 | #define INVALID 1 25 | #define TOOSMALL 2 26 | #define TOOLARGE 3 27 | 28 | long long 29 | strtonum(const char *numstr, long long minval, long long maxval, 30 | const char **errstrp) 31 | { 32 | long long ll = 0; 33 | int error = 0; 34 | char *ep; 35 | struct errval { 36 | const char *errstr; 37 | int err; 38 | } ev[4] = { 39 | { NULL, 0 }, 40 | { "invalid", EINVAL }, 41 | { "too small", ERANGE }, 42 | { "too large", ERANGE }, 43 | }; 44 | 45 | ev[0].err = errno; 46 | errno = 0; 47 | if (minval > maxval) { 48 | error = INVALID; 49 | } else { 50 | ll = strtoll(numstr, &ep, 10); 51 | if (numstr == ep || *ep != '\0') 52 | error = INVALID; 53 | else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval) 54 | error = TOOSMALL; 55 | else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval) 56 | error = TOOLARGE; 57 | } 58 | if (errstrp != NULL) 59 | *errstrp = ev[error].errstr; 60 | errno = ev[error].err; 61 | if (error) 62 | ll = 0; 63 | 64 | return (ll); 65 | } 66 | -------------------------------------------------------------------------------- /regress/invalid: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | printf 'iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii' 4 | -------------------------------------------------------------------------------- /compat/err.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include "../config.h" 18 | 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | 25 | static void vwarn_impl(const char*, va_list); 26 | static void vwarnx_impl(const char*, va_list); 27 | 28 | static void 29 | vwarn_impl(const char *fmt, va_list ap) 30 | { 31 | fprintf(stderr, "%s: ", getprogname()); 32 | vfprintf(stderr, fmt, ap); 33 | fprintf(stderr, ": %s\n", strerror(errno)); 34 | } 35 | 36 | static void 37 | vwarnx_impl(const char *fmt, va_list ap) 38 | { 39 | fprintf(stderr, "%s: ", getprogname()); 40 | vfprintf(stderr, fmt, ap); 41 | fprintf(stderr, "\n"); 42 | } 43 | 44 | void 45 | err(int ret, const char *fmt, ...) 46 | { 47 | va_list ap; 48 | 49 | va_start(ap, fmt); 50 | vwarn_impl(fmt, ap); 51 | va_end(ap); 52 | exit(ret); 53 | } 54 | 55 | void 56 | errx(int ret, const char *fmt, ...) 57 | { 58 | va_list ap; 59 | 60 | va_start(ap, fmt); 61 | vwarnx_impl(fmt, ap); 62 | va_end(ap); 63 | exit(ret); 64 | } 65 | 66 | void 67 | warn(const char *fmt, ...) 68 | { 69 | va_list ap; 70 | 71 | va_start(ap, fmt); 72 | vwarn_impl(fmt, ap); 73 | va_end(ap); 74 | } 75 | 76 | void 77 | warnx(const char *fmt, ...) 78 | { 79 | va_list ap; 80 | 81 | va_start(ap, fmt); 82 | vwarnx_impl(fmt, ap); 83 | va_end(ap); 84 | } 85 | -------------------------------------------------------------------------------- /site/index.gmi: -------------------------------------------------------------------------------- 1 | # gmid 2 | 3 | > A Gemini server 4 | 5 | gmid is a full-featured Gemini server written with security in mind. It can serve static files, has an optional FastCGI and proxying support and a rich configuration syntax. 6 | 7 | gmid also bundles a small gemini client called ‘gg’ (gemini get), a small command-line server for quick testing called ‘gemexp’ and a titan implementation. 8 | 9 | => gmid.8.MANEXT gmid(8) - Gemini server 10 | => gmid.conf.5.MANEXT gmid.conf(5) - gmid configuration file 11 | => gg.1.MANEXT gg(1) - gemini client 12 | => gemexp.1.MANEXT gemexp(1) - export a directory over Gemini 13 | => titan.1.MANEXT titan(1) - Titan client 14 | 15 | ## Install 16 | 17 | Some distros provide a package — thanks to the maintainers! 18 | 19 | => REPOLOGY Repology: packaging status for gmid 20 | 21 | Otherwise, compile it from source: it’s easy and takes less than a minute on a raspberry pi 3 22 | 23 | => SITE/gmid-VERS.tar.gz gmid-VERS.tar.gz 24 | 25 | => https://git.omarpolo.com/?action=summary&path=gmid.git git repository 26 | => https://codeberg.org/op/gmid/ Codeberg mirror 27 | => GITHUB GitHub mirror 28 | 29 | The dependencies are: 30 | 31 | * libevent 32 | * LibreSSL or OpenSSL 33 | * yacc or GNU bison 34 | 35 | Once all the dependencies are installed, building is as easy as: 36 | 37 | ```Example of how to compile from source 38 | $ curl -LO SITE/gmid-VERS.tar.gz 39 | $ tar xzvf gmid-VERS.tar.gz 40 | $ cd gmid-VERS 41 | $ ./configure 42 | $ make 43 | $ sudo make install # eventually 44 | ``` 45 | 46 | A SHA256 file is available. However, it only checks for accidental corruption. You can use signify (gmid-VERS.sha256.sig) and the public key PUBKEY to cryptographically verify the downloaded tarball. The signify public key for the previous and the next release is included in the tarball. 47 | 48 | => SITE/gmid-VERS.sha256 gmid-VERS.sha256 49 | => SITE/gmid-VERS.sha256.sig gmid-VERS.sha256.sig 50 | 51 | To verify the signatures with signify(1): 52 | 53 | ```Example of how to verify the signature with signify 54 | % signify -C -p PUBKEY -x gmid-VERS.sha256.sig 55 | Signature Verified 56 | gmid-VERS.tar.gz: OK 57 | ``` 58 | 59 | Git tags are signed with the following ssh key: 60 | 61 | ``` 62 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0nD5I8BNVJknT87gnpLIJWK0fXTayDktQOlS38CGj4 op@omarpolo.com 63 | ``` 64 | -------------------------------------------------------------------------------- /regress/regress: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | rm -f gmid.pid 4 | 5 | . ./lib.sh 6 | . ./tests.sh 7 | 8 | trap 'onexit' INT TERM EXIT 9 | 10 | if [ $# -ne 0 ]; then 11 | while [ $# -ne 0 ]; do 12 | run_test $1 13 | shift 14 | done 15 | 16 | tests_done 17 | fi 18 | 19 | # Run standalone unit tests. 20 | run_test test_punycode 21 | run_test test_iri 22 | run_test test_gg_n_flag 23 | 24 | # Run configuration parsing tests. 25 | run_test test_parse_comments_at_start 26 | run_test test_dump_config 27 | 28 | if [ "${SKIP_RUNTIME_TESTS:-0}" -eq 1 ]; then 29 | echo 30 | echo "======================" 31 | echo "runtime tests skipped!" 32 | echo "======================" 33 | echo 34 | 35 | tests_done 36 | fi 37 | 38 | # Run regression tests for the gemexp binary. 39 | run_test test_gemexp 40 | 41 | # Run regression tests for the gmid binary. 42 | run_test test_static_files 43 | run_test test_alias 44 | run_test test_alias_long_hostname 45 | run_test test_directory_redirect 46 | run_test test_serve_big_files 47 | run_test test_dont_execute_scripts 48 | run_test test_custom_mime 49 | run_test test_default_type 50 | run_test test_custom_lang 51 | run_test test_parse_custom_lang_per_location 52 | run_test test_custom_index 53 | run_test test_custom_index_default_type_per_location 54 | run_test test_auto_index 55 | run_test test_block 56 | run_test test_block_return_fmt 57 | run_test test_require_client_ca 58 | run_test test_root_inside_location 59 | run_test test_root_inside_location_with_redirect 60 | run_test test_fastcgi 61 | run_test test_fastcgi_inside_location 62 | run_test test_fastcgi_location_match 63 | run_test test_fastcgi_deprecated_syntax 64 | run_test test_macro_expansion 65 | run_test test_proxy_relay_to 66 | run_test test_proxy_with_certs 67 | # run_test test_unknown_host # XXX: breaks on some distro 68 | run_test test_include_mime 69 | run_test test_log_file 70 | run_test test_log_common 71 | run_test test_log_combined 72 | run_test test_ipv4_addr 73 | run_test test_ipv6_addr need_ipv6 74 | run_test test_ipv6_server need_ipv6 75 | run_test test_high_prefork 76 | run_test test_proxy_protocol_v1 77 | 78 | # TODO: add test that uses only a TLSv1.2 or TLSv1.3 79 | # TODO: add a test that attempt to serve a non-regular file 80 | # TODO: add a test where the index is not a regular file 81 | # TODO: add a test that logs and uses a client cert 82 | 83 | tests_done 84 | -------------------------------------------------------------------------------- /site/Makefile: -------------------------------------------------------------------------------- 1 | MANPAGES = gemexp.1 \ 2 | gg.1 \ 3 | gmid.conf.5 \ 4 | gmid.8 \ 5 | titan.1 6 | 7 | PAGES = index.gmi \ 8 | changelog.gmi \ 9 | contrib.gmi \ 10 | quickstart.gmi \ 11 | faq.gmi 12 | 13 | TITLE_index.gmi = home 14 | TITLE_changelog.gmi = changelog 15 | TITLE_contrib.gmi = contrib 16 | TITLE_quickstart.gmi = guide 17 | TITLE_faq.gmi = faq 18 | 19 | REPOLOGY_BANNER = https://repology.org/badge/vertical-allrepos/gmid.svg 20 | REPOLOGY_URL = https://repology.org/project/gmid/versions 21 | 22 | SUBST = ./subst GITHUB=https://github.com/omar-polo/gmid \ 23 | SITE=https://ftp.omarpolo.com \ 24 | VERS=2.1.1 \ 25 | PUBKEY=gmid-2.1.pub \ 26 | TREE=https://github.com/omar-polo/gmid/blob/master 27 | 28 | SUBST_GEM = ${SUBST} MANEXT=txt EXT=gmi REPOLOGY=${REPOLOGY_URL} 29 | SUBST_WWW = ${SUBST} MANEXT=html EXT=html REPOLOGY=${REPOLOGY_BANNER} 30 | 31 | .PHONY: all dirs manpages serve-www serve-gemini upload clean titles 32 | 33 | all: dirs manpages pages 34 | cp style.css mandoc.css www/ 35 | cp vim-screenshot.png www/ 36 | cp vim-screenshot.png gemini/ 37 | 38 | dirs: 39 | mkdir -p gemini www 40 | 41 | MANOPTS = -Oman='%N.%S.html;https://man.openbsd.org/%N.%S',style=mandoc.css 42 | 43 | manpages: 44 | .for m in ${MANPAGES} 45 | @echo generating www/${m:T}.html 46 | cd .. && man -Thtml ${MANOPTS} -l $m > site/www/${m:T}.html 47 | man -O width=65 -Tutf8 -l $m | col -b > gemini/${m:T}.txt 48 | .endfor 49 | 50 | pages: 51 | .for p in ${PAGES} 52 | ${MAKE} titles-gem | ./menu.pl $p gemini > gemini/$p 53 | ${SUBST_GEM} $p >> gemini/$p 54 | 55 | ${SUBST_WWW} TITLE=${TITLE_${p}:Q} header.html > www/${p:.gmi=.html} 56 | ${MAKE} titles-www | ./menu.pl "${p:.gmi=.html}" html >> www/${p:.gmi=.html} 57 | ${SUBST_WWW} $p | ./gem2html >> www/${p:.gmi=.html} 58 | cat footer.html >> www/${p:.gmi=.html} 59 | .endfor 60 | 61 | serve-www: 62 | python3 -m http.server --directory www 8888 63 | 64 | serve-gemini: 65 | ./../gemexp ./gemini 66 | 67 | upload: 68 | openrsync --rsync-path=openrsync --del -a www/ antartica:/var/www/gmid.omarpolo.com 69 | openrsync --rsync-path=openrsync --del -a gemini/ antartica:/var/gemini/gmid.omarpolo.com 70 | 71 | titles-gem: 72 | .for p in ${PAGES} 73 | @printf "%s %s\n" "${p}" ${TITLE_${p}:Q} 74 | .endfor 75 | 76 | titles-www: 77 | .for p in ${PAGES} 78 | @printf "%s %s\n" "${p:.gmi=.html}" ${TITLE_${p}:Q} 79 | .endfor 80 | -------------------------------------------------------------------------------- /site/faq.gmi: -------------------------------------------------------------------------------- 1 | # Frequently Asked Questions 2 | 3 | ## How can I report a bug, suggest a feature or send a patch? 4 | 5 | Just drop an email to or open an issue/pull request on Codeberg or Github. 6 | 7 | => https://codeberg.org/op/gmid Codeberg mirror 8 | => https://github.com/omar-polo/gmid GitHub mirror 9 | 10 | When reporting a bug please include the relevant information to reproduce the issue you're facing: your configuration file, the gmid version, and your operating system or distro at least. 11 | 12 | 13 | ## How can I define the right MIME types for my files? 14 | 15 | gmid, like many other servers, uses a list of known file extensions to decide what MIME type use. A few of them are built-in for convenience but it's quite easy to add custom ones: 16 | 17 | ``` example of how to use the type rule in the configuration file 18 | types { 19 | application/postscript ps eps ai 20 | application/rss+xml rss 21 | 22 | # it's also possible to just include a file here 23 | include "/usr/share/misc/mime.types" 24 | } 25 | ``` 26 | 27 | 28 | ## How to run CGI scripts? 29 | 30 | As of gmid 2.0, to run CGI scripts an external program like fcgiwrap or slowcgi are needed. 31 | 32 | From the gmid side, one `fastcgi' block needs to be defined with the `socket' pointing at the fcgiwrap or slowcgi socket inside the chroot. The `SCRIPT_NAME' parameter pointing to the script path is often needed since gmid is unable to deduce the right path otherwise. 33 | 34 | ``` example configuration that runs a CGI via slowcgi 35 | server "example.com" { 36 | listen on * 37 | cert "/path/to/cert" 38 | key "/path/to/key" 39 | 40 | location "/cgi-bin/hello" { 41 | fastcgi { 42 | socket "/run/slowcgi.sock" 43 | param SCRIPT_NAME = "/cgi-bin/hello" 44 | } 45 | } 46 | } 47 | ``` 48 | 49 | Then, fcgiwrap or slowcgi need to be started as well. 50 | 51 | 52 | ## How to automatically renew the certificates? 53 | 54 | It depends on how the certificate were obtained. For example, if acme-client or certbot are used they provide their own mechanism to renew the certs and restart daemons. 55 | 56 | In case of a self-signed certificate, contrib/renew-certs could help. It's meant to be scheduled periodically with cron(8) and automatically generate a new key and certificate when one is about to expire and restarts gmid. 57 | 58 | => TREE/contrib/renew-certs contrib/renew-certs 59 | -------------------------------------------------------------------------------- /regress/puny-test.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Omar Polo 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | #include "../gmid.h" 21 | 22 | const struct suite { 23 | const char *src; 24 | const char *res; 25 | } t[] = { 26 | {"foo", "foo"}, 27 | {"h.n", "h.n"}, 28 | {"xn-invalid", "xn-invalid"}, 29 | {"naïve", "naïve"}, 30 | {"xn--8ca", "è"}, 31 | {"xn--caff-8oa", "caffè"}, 32 | {"xn--nave-6pa", "naïve"}, 33 | {"xn--e-0mbbc", "τeστ"}, 34 | {"xn--8ca67lbac", "τèστ"}, 35 | {"xn--28j2a3ar1p", "こんにちは"}, 36 | {"xn--hello--ur7iy09x", "hello-世界"}, 37 | {"xn--hi--hi-rr7iy09x", "hi-世界-hi"}, 38 | {"xn--caf-8la.foo.org", "cafè.foo.org"}, 39 | /* 3 bytes */ 40 | {"xn--j6h", "♨"}, 41 | /* 4 bytes */ 42 | {"xn--x73l", "𩸽"}, 43 | {"xn--x73laaa", "𩸽𩸽𩸽𩸽"}, 44 | {NULL, NULL} 45 | }; 46 | 47 | void 48 | sandbox_logger_process(void) 49 | { 50 | /* to make the linker happy! */ 51 | return; 52 | } 53 | 54 | int 55 | main(int argc, char **argv) 56 | { 57 | const struct suite *i; 58 | int failed; 59 | char buf[64]; /* name len */ 60 | const char *parse_err; 61 | 62 | failed = 0; 63 | for (i = t; i->src != NULL; ++i) { 64 | memset(buf, 0, sizeof(buf)); 65 | if (!puny_decode(i->src, buf, sizeof(buf), &parse_err)) { 66 | printf("decode: failure with %s: %s\n", 67 | i->src, parse_err); 68 | failed = 1; 69 | continue; 70 | } 71 | 72 | if (strcmp(buf, i->res)) { 73 | printf("ERR: expected \"%s\", got \"%s\"\n", 74 | i->res, buf); 75 | failed = 1; 76 | continue; 77 | } else 78 | printf("OK: %s => %s\n", i->src, buf); 79 | } 80 | 81 | return failed; 82 | } 83 | -------------------------------------------------------------------------------- /compat/libtls/asn.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: a_time_tm.c,v 1.15 2018/04/25 11:48:21 tb Exp $ */ 2 | /* 3 | * Copyright (c) 2015 Bob Beck 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include "config.h" 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | 26 | #define GENTIME_LENGTH 15 27 | #define UTCTIME_LENGTH 13 28 | 29 | #define V_ASN1_UTCTIME 23 30 | #define V_ASN1_GENERALIZEDTIME 24 31 | 32 | #ifndef HAVE_ASN1_TIME_TM_CMP 33 | int 34 | ASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2) 35 | { 36 | if (tm1->tm_year < tm2->tm_year) 37 | return (-1); 38 | if (tm1->tm_year > tm2->tm_year) 39 | return (1); 40 | if (tm1->tm_mon < tm2->tm_mon) 41 | return (-1); 42 | if (tm1->tm_mon > tm2->tm_mon) 43 | return (1); 44 | if (tm1->tm_mday < tm2->tm_mday) 45 | return (-1); 46 | if (tm1->tm_mday > tm2->tm_mday) 47 | return (1); 48 | if (tm1->tm_hour < tm2->tm_hour) 49 | return (-1); 50 | if (tm1->tm_hour > tm2->tm_hour) 51 | return (1); 52 | if (tm1->tm_min < tm2->tm_min) 53 | return (-1); 54 | if (tm1->tm_min > tm2->tm_min) 55 | return (1); 56 | if (tm1->tm_sec < tm2->tm_sec) 57 | return (-1); 58 | if (tm1->tm_sec > tm2->tm_sec) 59 | return (1); 60 | return 0; 61 | } 62 | #endif 63 | 64 | #ifndef HAVE_ASN1_TIME_TM_CLAMP_NOTAFTER 65 | int 66 | ASN1_time_tm_clamp_notafter(struct tm *tm) 67 | { 68 | #ifdef SMALL_TIME_T 69 | struct tm broken_os_epoch_tm; 70 | time_t broken_os_epoch_time = INT_MAX; 71 | 72 | if (gmtime_r(&broken_os_epoch_time, &broken_os_epoch_tm) == NULL) 73 | return 0; 74 | 75 | if (ASN1_time_tm_cmp(tm, &broken_os_epoch_tm) == 1) 76 | memcpy(tm, &broken_os_epoch_tm, sizeof(*tm)); 77 | #endif 78 | return 1; 79 | } 80 | #endif 81 | -------------------------------------------------------------------------------- /contrib/gencert: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # NAME 4 | # gencert - generate certificates 5 | # 6 | # SYNOPSIS 7 | # ./gencert [-efh] [-D days] [-d destdir] hostname 8 | # 9 | # DESCRIPTION 10 | # A simple script to generate self-signed X.509 certificates for 11 | # gmid. 12 | # 13 | # The option are as follows: 14 | # -D Specify the number of days the certificate 15 | # will be valid for. Use 365 (a year) by default. 16 | # -d Save the certificates to the given directory. 17 | # By default the current directory is used. 18 | # -e Use an EC key instead of RSA. 19 | # -f Forcefully overwrite existing certificates 20 | # without prompting. 21 | # -h Display usage and exit. 22 | # 23 | # SEE ALSO 24 | # openssl(1) 25 | # 26 | 27 | progname="$(basename -- "$0")" 28 | 29 | usage() { 30 | echo "usage: $progname [-fhe] [-d destdir] [-D days] hostname" >&2 31 | echo "Please read the comment at the top of $0 for the usage." >&2 32 | exit $1 33 | } 34 | 35 | ec=no 36 | force=no 37 | destdir=. 38 | days=365 39 | 40 | while getopts "D:d:efh" flag; do 41 | case $flag in 42 | D) days="$OPTARG" ;; 43 | d) destdir="${OPTARG%/}" ;; 44 | e) ec=yes ;; 45 | f) force=yes ;; 46 | h) usage 0 ;; 47 | ?) usage 1 ;; 48 | esac 49 | done 50 | 51 | shift $(($OPTIND - 1)) 52 | 53 | if [ $# -ne 1 ]; then 54 | usage 1 55 | fi 56 | 57 | if [ ! -d "${destdir}" ]; then 58 | echo "${progname}: ${destdir} is not a directory." >&2 59 | usage 1 60 | fi 61 | 62 | hostname="${1}" 63 | pem="${destdir}/${hostname}.pem" 64 | key="${destdir}/${hostname}.key" 65 | 66 | if [ -f "$pem" -o -f "$key" ]; then 67 | if [ $force = no ]; then 68 | while :; do 69 | printf "Overwrite existing certificate $pem? [y/n] " 70 | if ! read -r reply; then 71 | echo 72 | exit 1 73 | fi 74 | case "$reply" in 75 | [yY]) echo "overwriting"; break ;; 76 | [nN]) echo "quitting"; exit 0 ;; 77 | esac 78 | done 79 | fi 80 | fi 81 | 82 | if [ $ec = yes ]; then 83 | openssl ecparam -name secp384r1 -genkey -noout -out "${key}" && \ 84 | openssl req -new -x509 -key "${key}" -out "${pem}" -days "${days}" \ 85 | -nodes -subj "/CN=$hostname" 86 | else 87 | openssl req -x509 \ 88 | -newkey rsa:4096 \ 89 | -out "${pem}" \ 90 | -keyout "${key}" \ 91 | -days "${days}" \ 92 | -nodes \ 93 | -subj "/CN=$hostname" 94 | fi 95 | 96 | e=$? 97 | if [ $e -ne 0 ]; then 98 | exit $e 99 | fi 100 | 101 | echo 102 | echo "Generated files:" 103 | echo " $pem : certificate" 104 | echo " $key : private key" 105 | -------------------------------------------------------------------------------- /gemexp.1: -------------------------------------------------------------------------------- 1 | .\" Copyright (c) 2022, 2023 Omar Polo 2 | .\" 3 | .\" Permission to use, copy, modify, and distribute this software for any 4 | .\" purpose with or without fee is hereby granted, provided that the above 5 | .\" copyright notice and this permission notice appear in all copies. 6 | .\" 7 | .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | .Dd July 3, 2024 15 | .Dt GEMEXP 1 16 | .Os 17 | .Sh NAME 18 | .Nm gemexp 19 | .Nd export a directory over Gemini 20 | .Sh SYNOPSIS 21 | .Nm 22 | .Bk -words 23 | .Op Fl hRVv 24 | .Op Fl d Ar certs-dir 25 | .Op Fl H Ar hostname 26 | .Op Fl p Ar port 27 | .Op Ar directory 28 | .Ek 29 | .Sh DESCRIPTION 30 | .Nm 31 | exports the given 32 | .Ar directory 33 | over the Gemini protocol. 34 | It's intended to be used interactively mostly for testing purposes, 35 | for a full-fledged daemon look for 36 | .Xr gmid 8 . 37 | .Pp 38 | The arguments are as follows: 39 | .Bl -tag -width Ds 40 | .It Fl d Ar certs-path 41 | Directory where certificates are stored. 42 | By default is 43 | .Pa $XDG_DATA_HOME/gemexp , 44 | i.e.\& 45 | .Pa ~/.local/share/gemexp . 46 | .It Fl H Ar hostname 47 | The 48 | .Ar hostname 49 | to use, 50 | .Ar localhost 51 | by default. 52 | Certificates for the given 53 | .Ar hostname 54 | are searched inside the 55 | .Ar certs-dir 56 | specified with the 57 | .Fl d 58 | option. 59 | The certificate files are named 60 | .Ar hostname Ns .pem 61 | and 62 | .Ar hostname Ns .key 63 | and are implicitly generated if not found. 64 | .It Fl h , Fl -help 65 | Print the usage and exit. 66 | .It Fl p Ar port 67 | The port to bind to, 1965 by default. 68 | .It Fl R 69 | Generate an RSA key instead of an EC one. 70 | .It Fl V , Fl -version 71 | Print the version and exit. 72 | .It Fl v 73 | Verbose mode. 74 | .It Ar directory 75 | The root directory to serve, or the current working directory if not 76 | specified. 77 | .El 78 | .Sh SEE ALSO 79 | .Xr gg 1 , 80 | .Xr gmid 8 81 | .Sh ACKNOWLEDGEMENTS 82 | .Nm 83 | uses the 84 | .Dq Flexible and Economical 85 | UTF-8 decoder written by 86 | .An Bjoern Hoehrmann . 87 | .Sh AUTHORS 88 | .An -nosplit 89 | The 90 | .Nm 91 | program was written by 92 | .An Omar Polo Aq Mt op@omarpolo.com . 93 | -------------------------------------------------------------------------------- /compat/arc4random.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: arc4random_linux.h,v 1.12 2019/07/11 10:37:28 inoguchi Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 1996, David Mazieres 5 | * Copyright (c) 2008, Damien Miller 6 | * Copyright (c) 2013, Markus Friedl 7 | * Copyright (c) 2014, Theo de Raadt 8 | * 9 | * Permission to use, copy, modify, and distribute this software for any 10 | * purpose with or without fee is hereby granted, provided that the above 11 | * copyright notice and this permission notice appear in all copies. 12 | * 13 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 14 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 15 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 16 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 17 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 18 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 19 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 20 | */ 21 | 22 | /* 23 | * Stub functions for portability. From LibreSSL with some adaptations. 24 | */ 25 | 26 | #include 27 | 28 | #include 29 | 30 | /* OpenSSH isn't multithreaded */ 31 | #define _ARC4_LOCK() 32 | #define _ARC4_UNLOCK() 33 | #define _ARC4_ATFORK(f) 34 | 35 | static inline void 36 | _getentropy_fail(void) 37 | { 38 | fatal("getentropy failed"); 39 | } 40 | 41 | static volatile sig_atomic_t _rs_forked; 42 | 43 | static inline void 44 | _rs_forkhandler(void) 45 | { 46 | _rs_forked = 1; 47 | } 48 | 49 | static inline void 50 | _rs_forkdetect(void) 51 | { 52 | static pid_t _rs_pid = 0; 53 | pid_t pid = getpid(); 54 | 55 | if (_rs_pid == 0 || _rs_pid == 1 || _rs_pid != pid || _rs_forked) { 56 | _rs_pid = pid; 57 | _rs_forked = 0; 58 | if (rs) 59 | memset(rs, 0, sizeof(*rs)); 60 | } 61 | } 62 | 63 | static inline int 64 | _rs_allocate(struct _rs **rsp, struct _rsx **rsxp) 65 | { 66 | #if defined(MAP_ANON) && defined(MAP_PRIVATE) 67 | if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, 68 | MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) 69 | return (-1); 70 | 71 | if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, 72 | MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { 73 | munmap(*rsp, sizeof(**rsp)); 74 | *rsp = NULL; 75 | return (-1); 76 | } 77 | #else 78 | if ((*rsp = calloc(1, sizeof(**rsp))) == NULL) 79 | return (-1); 80 | if ((*rsxp = calloc(1, sizeof(**rsxp))) == NULL) { 81 | free(*rsp); 82 | *rsp = NULL; 83 | return (-1); 84 | } 85 | #endif 86 | 87 | _ARC4_ATFORK(_rs_forkhandler); 88 | return (0); 89 | } 90 | -------------------------------------------------------------------------------- /titan.1: -------------------------------------------------------------------------------- 1 | .\" Copyright (c) 2023 Omar Polo 2 | .\" 3 | .\" Permission to use, copy, modify, and distribute this software for any 4 | .\" purpose with or without fee is hereby granted, provided that the above 5 | .\" copyright notice and this permission notice appear in all copies. 6 | .\" 7 | .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | .Dd October 20, 2023 15 | .Dt TITAN 1 16 | .Os 17 | .Sh NAME 18 | .Nm titan 19 | .Nd Titan client 20 | .Sh SYNOPSIS 21 | .Nm 22 | .Bk -words 23 | .Op Fl C Ar cert 24 | .Op Fl K Ar key 25 | .Op Fl m Ar mime 26 | .Op Fl t Ar token 27 | .Ar url 28 | .Op Ar file 29 | .Ek 30 | .Sh DESCRIPTION 31 | .Nm 32 | allows one to upload data to a Titan server. 33 | If no 34 | .Ar file 35 | is given on the command line, 36 | .Nm 37 | reads from standard input. 38 | .Pp 39 | The options are as follows: 40 | .Bl -tag -width Ds 41 | .It Fl C Ar cert 42 | Specify the TLS client certificate to use. 43 | .It Fl K Ar cert 44 | Specify the TLS client certificate key to use. 45 | Defaults to 46 | .Fl C 47 | if provided. 48 | .It Fl m Ar mime 49 | Specify the mime of the content being sent. 50 | Unset by default. 51 | .It Fl t Ar token 52 | Specify the token for the transaction. 53 | Unset by default. 54 | .El 55 | .Pp 56 | .Nm 57 | alters the passed 58 | .Ar url 59 | to include the parameter for the file size as well as the MIME and the 60 | token if 61 | .Fl m 62 | or 63 | .Fl t 64 | are given. 65 | .Sh EXIT STATUS 66 | The 67 | .Nm 68 | utility exits with one of the following values: 69 | .Pp 70 | .Bl -tag -width Ds -offset indent -compact 71 | .It 0 72 | The transaction completed successfully and the response code was in the 73 | 2x or 3x range. 74 | .It 1 75 | An error occurred. 76 | .It 2 77 | The response code was not in the 2x or 3x range. 78 | .El 79 | .Sh SEE ALSO 80 | .Xr ftp 1 , 81 | .Xr gg 1 82 | .Sh STANDARDS 83 | .Nm 84 | implements the 85 | .Dq Titan Specification 86 | .Lk gemini://transjovian.org/titan/page/The%20Titan%20Specification 87 | .Sh AUTHORS 88 | .An -nosplit 89 | The 90 | .Nm 91 | utility was written by 92 | .An Omar Polo Aq Mt op@omarpolo.com . 93 | .Sh CAVEATS 94 | .Nm 95 | doesn't perform TOFU 96 | .Pq Trust On First Use 97 | or any X.509 certificate validation beyond the name verification. 98 | -------------------------------------------------------------------------------- /compat/libtls/tls_peer.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: tls_peer.c,v 1.8 2017/04/10 17:11:13 jsing Exp $ */ 2 | /* 3 | * Copyright (c) 2015 Joel Sing 4 | * Copyright (c) 2015 Bob Beck 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | */ 18 | 19 | #include "config.h" 20 | 21 | #include 22 | 23 | #include 24 | 25 | #include 26 | #include "tls_internal.h" 27 | 28 | const char * 29 | tls_peer_cert_hash(struct tls *ctx) 30 | { 31 | if (ctx->conninfo == NULL) 32 | return (NULL); 33 | return (ctx->conninfo->hash); 34 | } 35 | const char * 36 | tls_peer_cert_issuer(struct tls *ctx) 37 | { 38 | if (ctx->conninfo == NULL) 39 | return (NULL); 40 | return (ctx->conninfo->issuer); 41 | } 42 | 43 | const char * 44 | tls_peer_cert_subject(struct tls *ctx) 45 | { 46 | if (ctx->conninfo == NULL) 47 | return (NULL); 48 | return (ctx->conninfo->subject); 49 | } 50 | 51 | int 52 | tls_peer_cert_provided(struct tls *ctx) 53 | { 54 | return (ctx->ssl_peer_cert != NULL); 55 | } 56 | 57 | int 58 | tls_peer_cert_contains_name(struct tls *ctx, const char *name) 59 | { 60 | int match; 61 | 62 | if (ctx->ssl_peer_cert == NULL) 63 | return (0); 64 | 65 | if (tls_check_name(ctx, ctx->ssl_peer_cert, name, &match) == -1) 66 | return (0); 67 | 68 | return (match); 69 | } 70 | 71 | time_t 72 | tls_peer_cert_notbefore(struct tls *ctx) 73 | { 74 | if (ctx->ssl_peer_cert == NULL) 75 | return (-1); 76 | if (ctx->conninfo == NULL) 77 | return (-1); 78 | return (ctx->conninfo->notbefore); 79 | } 80 | 81 | time_t 82 | tls_peer_cert_notafter(struct tls *ctx) 83 | { 84 | if (ctx->ssl_peer_cert == NULL) 85 | return (-1); 86 | if (ctx->conninfo == NULL) 87 | return (-1); 88 | return (ctx->conninfo->notafter); 89 | } 90 | 91 | const uint8_t * 92 | tls_peer_cert_chain_pem(struct tls *ctx, size_t *size) 93 | { 94 | if (ctx->ssl_peer_cert == NULL) 95 | return (NULL); 96 | if (ctx->conninfo == NULL) 97 | return (NULL); 98 | *size = ctx->conninfo->peer_cert_len; 99 | return (ctx->conninfo->peer_cert); 100 | } 101 | 102 | -------------------------------------------------------------------------------- /compat/recallocarray.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: recallocarray.c,v 1.2 2021/03/18 11:16:58 claudio Exp $ */ 2 | /* 3 | * Copyright (c) 2008, 2017 Otto Moerbeek 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include "../config.h" 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | 26 | /* 27 | * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX 28 | * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW 29 | */ 30 | #define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) 31 | 32 | /* 33 | * Even though specified in POSIX, the PAGESIZE and PAGE_SIZE 34 | * macros have very poor portability. Since we only use this 35 | * to avoid free() overhead for small shrinking, simply pick 36 | * an arbitrary number. 37 | */ 38 | #define getpagesize() (1UL << 12) 39 | 40 | void * 41 | recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size) 42 | { 43 | size_t oldsize, newsize; 44 | void *newptr; 45 | 46 | if (ptr == NULL) 47 | return calloc(newnmemb, size); 48 | 49 | if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && 50 | newnmemb > 0 && SIZE_MAX / newnmemb < size) { 51 | errno = ENOMEM; 52 | return NULL; 53 | } 54 | newsize = newnmemb * size; 55 | 56 | if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && 57 | oldnmemb > 0 && SIZE_MAX / oldnmemb < size) { 58 | errno = EINVAL; 59 | return NULL; 60 | } 61 | oldsize = oldnmemb * size; 62 | 63 | /* 64 | * Don't bother too much if we're shrinking just a bit, 65 | * we do not shrink for series of small steps, oh well. 66 | */ 67 | if (newsize <= oldsize) { 68 | size_t d = oldsize - newsize; 69 | 70 | if (d < oldsize / 2 && d < (size_t)getpagesize()) { 71 | memset((char *)ptr + newsize, 0, d); 72 | return ptr; 73 | } 74 | } 75 | 76 | newptr = malloc(newsize); 77 | if (newptr == NULL) 78 | return NULL; 79 | 80 | if (newsize > oldsize) { 81 | memcpy(newptr, ptr, oldsize); 82 | memset((char *)newptr + oldsize, 0, newsize - oldsize); 83 | } else 84 | memcpy(newptr, ptr, newsize); 85 | 86 | explicit_bzero(ptr, oldsize); 87 | free(ptr); 88 | 89 | return newptr; 90 | } 91 | -------------------------------------------------------------------------------- /compat/getentropy.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1996, David Mazieres 3 | * Copyright (c) 2008, Damien Miller 4 | * Copyright (c) 2013, Markus Friedl 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | */ 18 | 19 | #include "../config.h" 20 | 21 | #ifndef SSH_RANDOM_DEV 22 | # define SSH_RANDOM_DEV "/dev/urandom" 23 | #endif /* SSH_RANDOM_DEV */ 24 | 25 | #include 26 | #ifdef HAVE_SYS_RANDOM_H 27 | # include 28 | #endif 29 | 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #ifdef WITH_OPENSSL 36 | #include 37 | #include 38 | #endif 39 | 40 | #include "log.h" 41 | 42 | int _ssh_compat_getentropy(void *, size_t); 43 | 44 | static int 45 | seed_from_prngd(unsigned char *buf, size_t bytes) 46 | { 47 | return -1; 48 | } 49 | 50 | int 51 | _ssh_compat_getentropy(void *s, size_t len) 52 | { 53 | #if defined(WITH_OPENSSL) && defined(OPENSSL_PRNG_ONLY) 54 | if (RAND_bytes(s, len) <= 0) 55 | fatal("Couldn't obtain random bytes (error 0x%lx)", 56 | (unsigned long)ERR_get_error()); 57 | #else 58 | int fd, save_errno; 59 | ssize_t r; 60 | size_t o = 0; 61 | 62 | #ifdef WITH_OPENSSL 63 | if (RAND_bytes(s, len) == 1) 64 | return 0; 65 | #endif 66 | #ifdef HAVE_GETENTROPY 67 | if ((r = getentropy(s, len)) == 0) 68 | return 0; 69 | #endif /* HAVE_GETENTROPY */ 70 | #ifdef HAVE_GETRANDOM 71 | if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len) 72 | return 0; 73 | #endif /* HAVE_GETRANDOM */ 74 | 75 | if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) { 76 | save_errno = errno; 77 | /* Try egd/prngd before giving up. */ 78 | if (seed_from_prngd(s, len) == 0) 79 | return 0; 80 | fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, 81 | strerror(save_errno)); 82 | } 83 | while (o < len) { 84 | r = read(fd, (u_char *)s + o, len - o); 85 | if (r < 0) { 86 | if (errno == EAGAIN || errno == EINTR || 87 | errno == EWOULDBLOCK) 88 | continue; 89 | fatal("read %s: %s", SSH_RANDOM_DEV, strerror(errno)); 90 | } 91 | o += r; 92 | } 93 | close(fd); 94 | #endif /* WITH_OPENSSL */ 95 | return 0; 96 | } 97 | -------------------------------------------------------------------------------- /site/gem2html: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env perl 2 | # 3 | # Copyright (c) 2022 Omar Polo 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | use v5.10; 18 | use strict; 19 | use warnings; 20 | 21 | my $in_pre = 0; 22 | my $in_list = 0; 23 | 24 | while (<>) { 25 | chomp; 26 | if ($in_pre && m/^```/) { 27 | $in_pre = 0; 28 | say ""; 29 | } elsif (!$in_pre && m/^```/) { 30 | if ($in_list) { 31 | $in_list = 0; 32 | say ""; 33 | } 34 | $in_pre = 1; 35 | print "
";
 36 | 	} elsif ($in_pre) {
 37 | 		say san($_);
 38 | 	} elsif ($in_list && m/^$/) {
 39 | 		say "";
 40 | 		$in_list = 0;
 41 | 	} elsif (m/^\*\s+(.*)/) { # NB: at least one space
 42 | 		if (!$in_list) {
 43 | 			$in_list = "item";
 44 | 			say "
    ";
 45 | 		} elsif ($in_list eq "link") {
 46 | 			$in_list = "item";
 47 | 			say "
";
 48 | 			say "
    ";
 49 | 		}
 50 | 		output("li", $1);
 51 | 	} elsif (m/^=>\s*([^\s]*)\s*(.*)$/) {
 52 | 		my $href = $1;
 53 | 		my $alt = $2;
 54 | 
 55 | 		# special case: images
 56 | 		if ($1 =~ /\.(png|jpg|svg)$/) {
 57 | 			if ($in_list) {
 58 | 				say "
";
 59 | 				$in_list = 0;
 60 | 			}
 61 | 			say "$alt";
 62 | 			next;
 63 | 		}
 64 | 
 65 | 		if (!$in_list) {
 66 | 			$in_list = "link";
 67 | 			say "
    ";
 68 | 		} elsif ($in_list eq "item") {
 69 | 			$in_list = "link";
 70 | 			say "
";
 71 | 			say "
    ";
 72 | 		}
 73 | 		$_ = $alt || $href;
 74 | 		say "
  • ". san() ."
    • ";
 75 | 	} elsif (m/^###\s*(.*)$/) {
 76 | 		output("h3", $1);
 77 | 	} elsif (m/^##\s*(.*)$/) {
 78 | 		output("h2", $1);
 79 | 	} elsif (m/^#\s*(.*)$/) {
 80 | 		output("h1", $1);
 81 | 	} elsif (m/^>\s*(.*)$/) {
 82 | 		output("blockquote", $1);
 83 | 	} else {
 84 | 		output("p", $_);
 85 | 	}
 86 | }
 87 | 
 88 | sub san {
 89 | 	s/&/\&/g;
 90 | 	s//\>/g;
 92 | 	return $_;
 93 | }
 94 | 
 95 | sub output {
 96 | 	my ($tn, $content) = @_;
 97 | 
 98 | 	if (!$in_list && $tn eq "li") {
 99 | 		$in_list = 1;
100 | 		say "
      ";
101 | 	}
102 | 
103 | 	if ($in_list && $tn ne "li") {
104 | 		$in_list = 0;
105 | 		say "
    ";
106 | 	}
107 | 
108 | 	if ($tn eq "p" && $content eq "") {
109 | 		return;
110 | 	}
111 | 
112 | 	$_ = $content;
113 | 	say "<$tn>". san() ."";
114 | }
115 | 


--------------------------------------------------------------------------------
/site/contrib.gmi:
--------------------------------------------------------------------------------
  1 | # contributed files
  2 | 
  3 | This directory is for additional contributed files which may be useful.
  4 | 
  5 | ## Dockerfile
  6 | 
  7 | => TREE/contrib/Dockerfile contrib/Dockerfile
  8 | 
  9 | A sample Dockerfile that builds an alpine linux-based image.  To build the image:
 10 | 
 11 | ```instructions to build the image
 12 | # docker build -f contrib/Dockerfile -t gmid .
 13 | ```
 14 | 
 15 | and then run it with something along the lines of:
 16 | 
 17 | ```instruction to run the image
 18 | # docker run --rm -it -p 1965:1965 \
 19 |         -v /var/gemini:/path/to/gemini/root:ro \
 20 | 	gmid
 21 | ```
 22 | 
 23 | By default a sample config that serves the content of /var/gemini using a self-signed certificate is included.
 24 | 
 25 | 
 26 | ## gencert
 27 | 
 28 | => TREE/contrib/gencert contrib/gencert
 29 | 
 30 | contrib/gencert is a simple script to generate self-signed certificates.
 31 | 
 32 | ## systemd unit file
 33 | 
 34 | => TREE/contrib/gmid.service contrib/gmid.service
 35 | => TREE/contrib/gmid.sysusers contrib/gmid.sysusers
 36 | 
 37 | A simple service file for systemd.  To install it
 38 | 
 39 | ```instructions to install the system file
 40 | # cp contrib/gmid.service /etc/systemd/system/gmid.service
 41 | # systemctl daemon-reload
 42 | ```
 43 | 
 44 | then the usual ‘systemctl [status|start|enable|stop] gmid’ commands can be used to manage the server.
 45 | 
 46 | Some things to keep in mind:
 47 | * the ExecStart path may depend on the installation
 48 | * a ‘gmid’ user needs to be created with systemd-sysusers or useradd:
 49 | 
 50 | ```how to create a dedicated user
 51 | # systemd-sysusers contrib/gmid.sysusers
 52 |  or
 53 | # useradd --system --no-create-home -s /bin/nologin -c "gmid Gemini server" gmid
 54 | ```
 55 | 
 56 | * logs can be inspected with journalctl(1)
 57 | 
 58 | ```reads gmid logs with journalctl
 59 | # journalctl -t gmid
 60 | ```
 61 | 
 62 | ## mime.types
 63 | 
 64 | => TREE/contrib/mime.types contrib/mime.types
 65 | 
 66 | A copy of OpenBSD' /usr/share/misc/mime.types to be used as
 67 | 
 68 | ```
 69 | # /etc/gmid.conf
 70 | 
 71 | types {
 72 | 	include "/path/to/mime.types"
 73 | }
 74 | ```
 75 | 
 76 | ## renew certificates automatically
 77 | 
 78 | => TREE/contrib/renew-certs contrib/renew-certs
 79 | 
 80 | contrib/renew-certs is a script meant to be run in a crontab that watch for certificate expiration.  It can optionally renew the certs and restart gmid too.
 81 | 
 82 | Read the documentation with: perldoc renew-certs
 83 | 
 84 | ## vim syntax files
 85 | 
 86 | => TREE/contrib/vim contrib/vim
 87 | 
 88 | contrib/vim contains a syntax highlighting for vim.  To install it, just copy the files to ~/.vim or to /usr/share/vim/vimfiles, e.g.:
 89 | 
 90 | ```install the vim syntax highlight in your home
 91 | $ mkdir -p ~/.vim
 92 | $ cp -R contrib/vim/* ~/.vim/
 93 | ```
 94 | 
 95 | To enable Syntastic checker, add to your vimrc:
 96 | 
 97 | ```
 98 | let g:syntastic_gmid_checkers = ['gmid']
 99 | ```
100 | 
101 | Obligatory screenshot:
102 | 
103 | => vim-screenshot.png Screenshot of vim editing gmid.conf
104 | 


--------------------------------------------------------------------------------
/regress/Makefile:
--------------------------------------------------------------------------------
  1 | # tests to run as a port of the regression suite.  Leave empty to run
  2 | # all.
  3 | TESTS=
  4 | 
  5 | GENCERT_FLAGS=
  6 | 
  7 | # host to bind to during regress
  8 | REGRESS_HOST =	localhost
  9 | 
 10 | # set to no if don't have IPv6 working (need to listen on ::1)
 11 | HAVE_IPV6 =	yes
 12 | 
 13 | DISTFILES =	Makefile \
 14 | 		env \
 15 | 		err \
 16 | 		example.mime.types \
 17 | 		fcgi-test.c \
 18 | 		fill-file.c \
 19 | 		hello \
 20 | 		invalid \
 21 | 		iri_test.c \
 22 | 		lib.sh \
 23 | 		max-length-reply \
 24 | 		puny-test.c \
 25 | 		regress \
 26 | 		serve-bigfile \
 27 | 		slow \
 28 | 		tests.sh \
 29 | 		valid.ext
 30 | 
 31 | -include ../config.mk
 32 | 
 33 | COBJS =		${COMPATS:.c=.o}
 34 | REG_COMPATS =	${COBJS:%=../%}
 35 | 
 36 | PUNY_SRCS =	puny-test.c ../puny.c ../utf8.c ../utils.c ../log.c
 37 | PUNY_OBJS =	${PUNY_SRCS:.c=.o} ${REG_COMPATS}
 38 | 
 39 | IRI_SRCS =	iri_test.c ../iri.c ../utf8.c ../log.c
 40 | IRI_OBJS =	${IRI_SRCS:.c=.o} ${REG_COMPATS}
 41 | 
 42 | .PHONY: all data clean dist
 43 | 
 44 | all: data puny-test iri_test fcgi-test
 45 | 	env HAVE_IPV6="${HAVE_IPV6}" REGRESS_HOST="${REGRESS_HOST}" ./regress ${TESTS}
 46 | 
 47 | data: testdata localhost.pem testca.pem valid.crt invalid.pem
 48 | 
 49 | puny-test: ${PUNY_OBJS}
 50 | 	${CC} ${PUNY_OBJS} -o puny-test ${LIBS} ${LDFLAGS}
 51 | 
 52 | iri_test: ${IRI_OBJS}
 53 | 	${CC} ${IRI_OBJS} -o $@ ${LIBS} ${LDFLAGS}
 54 | 
 55 | fill-file: fill-file.o
 56 | 	${CC} fill-file.o -o $@ ${LIBS} ${LDFLAGS}
 57 | 
 58 | fcgi-test: fcgi-test.o
 59 | 	${CC} fcgi-test.o ../log.o ${REG_COMPATS} -o fcgi-test ${LIBS} ${LDFLAGS}
 60 | 
 61 | localhost.key: localhost.pem
 62 | 
 63 | localhost.pem:
 64 | 	./../contrib/gencert ${GENCERT_FLAGS} localhost >/dev/null
 65 | 
 66 | testca.pem:
 67 | 	openssl genrsa -out testca.key 2048
 68 | 	openssl req -x509 -new -sha256		\
 69 | 		-key testca.key			\
 70 | 		-days 365 -nodes		\
 71 | 		-out testca.pem			\
 72 | 		-subj "/CN=testca"
 73 | 	@echo
 74 | 
 75 | valid.crt: testca.pem
 76 | 	openssl genrsa -out valid.key 2048
 77 | 	openssl req -new -key valid.key	\
 78 | 		-out valid.csr		\
 79 | 		-subj "/CN=valid"
 80 | 	@echo
 81 | 	openssl x509 -req -in valid.csr		\
 82 | 		-CA testca.pem			\
 83 | 		-CAkey testca.key		\
 84 | 		-CAcreateserial			\
 85 | 		-out valid.crt			\
 86 | 		-days 365			\
 87 | 		-sha256 -extfile valid.ext
 88 | 
 89 | invalid.pem: localhost.pem
 90 | 	cp localhost.pem invalid.pem
 91 | 	cp localhost.key invalid.key
 92 | 
 93 | clean:
 94 | 	rm -f *.o iri_test localhost.pem localhost.key
 95 | 	rm -f localhost.pem localhost.key
 96 | 	rm -f testca.* valid.csr valid.key valid.crt invalid.pem invalid.key
 97 | 	rm -rf testdata fill-file puny-test fcgi-test
 98 | 	rm -f gmid.pid fcgi.sock
 99 | 
100 | testdata: fill-file
101 | 	mkdir testdata
102 | 	./fill-file testdata/bigfile
103 | 	printf "# hello world\n" > testdata/index.gmi
104 | 	cp hello slow err invalid serve-bigfile env testdata/
105 | 	cp max-length-reply testdata
106 | 	mkdir testdata/dir
107 | 	date > 'testdata/dir/current date'
108 | 	cp hello testdata/dir
109 | 	cp testdata/index.gmi testdata/dir/foo.gmi
110 | 	touch testdata/test.m3u8 testdata/foo.1
111 | 
112 | dist: ${DISTFILES}
113 | 	mkdir -p ${DESTDIR}/
114 | 	${INSTALL} -m 0644 ${DISTFILES} ${DESTDIR}/
115 | 	cd ${DESTDIR}/ && chmod +x env err hello invalid \
116 | 		max-length-reply regress slow
117 | 


--------------------------------------------------------------------------------
/gg.1:
--------------------------------------------------------------------------------
  1 | .\" Copyright (c) 2021-2024 Omar Polo 
  2 | .\"
  3 | .\" Permission to use, copy, modify, and distribute this software for any
  4 | .\" purpose with or without fee is hereby granted, provided that the above
  5 | .\" copyright notice and this permission notice appear in all copies.
  6 | .\"
  7 | .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  8 | .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  9 | .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 10 | .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 11 | .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 12 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 13 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 14 | .Dd $Mdocdate: May 29 2024$
 15 | .Dt GG 1
 16 | .Os
 17 | .Sh NAME
 18 | .Nm gg
 19 | .Nd gemini client
 20 | .Sh SYNOPSIS
 21 | .Nm
 22 | .Bk -words
 23 | .Op Fl 23Nnq
 24 | .Op Fl C Ar cert
 25 | .Op Fl d Ar mode
 26 | .Op Fl H Ar sni
 27 | .Op Fl K Ar key
 28 | .Op Fl P Ar host Ns Oo : Ns Ar port Oc
 29 | .Op Fl T Ar seconds
 30 | .Ar gemini://...
 31 | .Ek
 32 | .Sh DESCRIPTION
 33 | .Nm
 34 | .Pq gemini get
 35 | fetches the given gemini page and prints it to standard output.
 36 | .Pp
 37 | The options are as follows:
 38 | .Bl -tag -width Ds
 39 | .It Fl 2
 40 | Use TLSv1.2.
 41 | .It Fl 3
 42 | Use TLSv1.3.
 43 | .It Fl C Ar certificate
 44 | Use the given client
 45 | .Ar certificate .
 46 | .It Fl d Ar mode
 47 | Specify what
 48 | .Nm
 49 | should print.
 50 | .Ar mode
 51 | can be one of:
 52 | .Bl -tag -width header -compact
 53 | .It Ic none
 54 | print only the body of the reply, the default.
 55 | .It Ic code
 56 | print only the response code.
 57 | .It Ic header
 58 | print only the response header.
 59 | .It Ic meta
 60 | print only the response meta.
 61 | .It Ic all
 62 | print the whole response as-is.
 63 | .El
 64 | .It Fl H Ar sni
 65 | Use the given
 66 | .Ar sni
 67 | host name instead of the one deducted by the IRI or proxy.
 68 | .It Fl K Ar key
 69 | Specify the key for the certificate.
 70 | It's mandatory if
 71 | .Fl C
 72 | is used.
 73 | .It Fl N
 74 | Disables the server name verification.
 75 | .It Fl n
 76 | Check the given IRI for validity, but don't issue any requests.
 77 | .It Fl P Ar host Ns Oo : Ns Ar port Oc
 78 | Connect to the given
 79 | .Ar host
 80 | and
 81 | .Ar port
 82 | to do the request instead of the ones extracted by the IRI.
 83 | .Ar port
 84 | is by default 1965.
 85 | IPv6 addresses have to be wrapped in braces, for e.g. [::1].
 86 | .It Fl q
 87 | Don't print server error messages to standard error.
 88 | .It Fl T Ar seconds
 89 | Kill
 90 | .Nm
 91 | after
 92 | .Ar seconds .
 93 | .El
 94 | .Sh EXIT STATUS
 95 | The
 96 | .Nm
 97 | utility exits with zero if the response code was in the 2x range.
 98 | If a failure occurs, it exits with status code 1.
 99 | Otherwise, the error code reflects the Gemini response code.
100 | .Sh ACKNOWLEDGEMENTS
101 | .Nm
102 | uses the
103 | .Dq Flexible and Economical
104 | UTF-8 decoder written by
105 | .An Bjoern Hoehrmann .
106 | .Sh SEE ALSO
107 | .Xr ftp 1 ,
108 | .Xr titan 1
109 | .Sh AUTHORS
110 | .An -nosplit
111 | The
112 | .Nm
113 | utility was written by
114 | .An Omar Polo Aq Mt op@omarpolo.com .
115 | .Sh CAVEATS
116 | .Nm
117 | doesn't perform TOFU
118 | .Pq Trust On First Use
119 | or any X.509 certificate validation beyond the name verification.
120 | .Pp
121 | .Nm
122 | doesn't follow redirects.
123 | 


--------------------------------------------------------------------------------
/compat/vis/vis.h:
--------------------------------------------------------------------------------
 1 | /*	$OpenBSD: vis.h,v 1.15 2015/07/20 01:52:27 millert Exp $	*/
 2 | /*	$NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $	*/
 3 | 
 4 | /*-
 5 |  * Copyright (c) 1990 The Regents of the University of California.
 6 |  * All rights reserved.
 7 |  *
 8 |  * Redistribution and use in source and binary forms, with or without
 9 |  * modification, are permitted provided that the following conditions
10 |  * are met:
11 |  * 1. Redistributions of source code must retain the above copyright
12 |  *    notice, this list of conditions and the following disclaimer.
13 |  * 2. Redistributions in binary form must reproduce the above copyright
14 |  *    notice, this list of conditions and the following disclaimer in the
15 |  *    documentation and/or other materials provided with the distribution.
16 |  * 3. Neither the name of the University nor the names of its contributors
17 |  *    may be used to endorse or promote products derived from this software
18 |  *    without specific prior written permission.
19 |  *
20 |  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 |  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 |  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 |  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 |  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 |  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 |  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 |  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 |  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 |  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 |  * SUCH DAMAGE.
31 |  *
32 |  *	@(#)vis.h	5.9 (Berkeley) 4/3/91
33 |  */
34 | 
35 | #ifndef _VIS_H_
36 | #define	_VIS_H_
37 | 
38 | /*
39 |  * to select alternate encoding format
40 |  */
41 | #define	VIS_OCTAL	0x01	/* use octal \ddd format */
42 | #define	VIS_CSTYLE	0x02	/* use \[nrft0..] where appropriate */
43 | 
44 | /*
45 |  * to alter set of characters encoded (default is to encode all
46 |  * non-graphic except space, tab, and newline).
47 |  */
48 | #define	VIS_SP		0x04	/* also encode space */
49 | #define	VIS_TAB		0x08	/* also encode tab */
50 | #define	VIS_NL		0x10	/* also encode newline */
51 | #define	VIS_WHITE	(VIS_SP | VIS_TAB | VIS_NL)
52 | #define	VIS_SAFE	0x20	/* only encode "unsafe" characters */
53 | #define	VIS_DQ		0x200	/* backslash-escape double quotes */
54 | #define	VIS_ALL		0x400	/* encode all characters */
55 | 
56 | /*
57 |  * other
58 |  */
59 | #define	VIS_NOSLASH	0x40	/* inhibit printing '\' */
60 | #define	VIS_GLOB	0x100	/* encode glob(3) magics and '#' */
61 | 
62 | /*
63 |  * unvis return codes
64 |  */
65 | #define	UNVIS_VALID	 1	/* character valid */
66 | #define	UNVIS_VALIDPUSH	 2	/* character valid, push back passed char */
67 | #define	UNVIS_NOCHAR	 3	/* valid sequence, no character produced */
68 | #define	UNVIS_SYNBAD	-1	/* unrecognized escape sequence */
69 | #define	UNVIS_ERROR	-2	/* decoder in unknown state (unrecoverable) */
70 | 
71 | /*
72 |  * unvis flags
73 |  */
74 | #define	UNVIS_END	1	/* no more characters */
75 | 
76 | char	*vis(char *, int, int, int);
77 | int	strvis(char *, const char *, int);
78 | int	stravis(char **, const char *, int);
79 | int	strnvis(char *, const char *, size_t, int);
80 | int	strvisx(char *, const char *, size_t, int);
81 | int	strunvis(char *, const char *);
82 | int	unvis(char *, char, int *, int);
83 | ssize_t strnunvis(char *, const char *, size_t);
84 | 
85 | #endif /* !_VIS_H_ */
86 | 


--------------------------------------------------------------------------------
/utf8.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Copyright (c) 2008-2009 Bjoern Hoehrmann 
 3 |  *
 4 |  * Permission is hereby granted, free of charge, to any person
 5 |  * obtaining a copy of this software and associated documentation
 6 |  * files (the "Software"), to deal in the Software without
 7 |  * restriction, including without limitation the rights to use, copy,
 8 |  * modify, merge, publish, distribute, sublicense, and/or sell copies
 9 |  * of the Software, and to permit persons to whom the Software is
10 |  * furnished to do so, subject to the following conditions:
11 |  *
12 |  * The above copyright notice and this permission notice shall be
13 |  * included in all copies or substantial portions of the Software.
14 |  *
15 |  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 |  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 |  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 |  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 |  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 |  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 |  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 |  * SOFTWARE.
23 |  */
24 | 
25 | #include "gmid.h"
26 | 
27 | #include 
28 | #include 
29 | 
30 | #define UTF8_ACCEPT 0
31 | #define UTF8_REJECT 1
32 | 
33 | static const uint8_t utf8d[] = {
34 | 	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, // 00..1f
35 | 	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, // 20..3f
36 | 	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, // 40..5f
37 | 	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, // 60..7f
38 | 	1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9, // 80..9f
39 | 	7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, // a0..bf
40 | 	8,8,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, // c0..df
41 | 	0xa,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x4,0x3,0x3, // e0..ef
42 | 	0xb,0x6,0x6,0x6,0x5,0x8,0x8,0x8,0x8,0x8,0x8,0x8,0x8,0x8,0x8,0x8, // f0..ff
43 | 	0x0,0x1,0x2,0x3,0x5,0x8,0x7,0x1,0x1,0x1,0x4,0x6,0x1,0x1,0x1,0x1, // s0..s0
44 | 	1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,0,1,0,1,1,1,1,1,1, // s1..s2
45 | 	1,2,1,1,1,1,1,2,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1, // s3..s4
46 | 	1,2,1,1,1,1,1,1,1,2,1,1,1,1,1,1,1,1,1,1,1,1,1,3,1,3,1,1,1,1,1,1, // s5..s6
47 | 	1,3,1,1,1,1,1,3,1,3,1,1,1,1,1,1,1,3,1,1,1,1,1,1,1,1,1,1,1,1,1,1, // s7..s8
48 | };
49 | 
50 | static inline uint32_t
51 | utf8_decode(uint32_t* state, uint32_t* codep, uint8_t byte) {
52 | 	uint32_t type = utf8d[byte];
53 | 
54 | 	*codep = (*state != UTF8_ACCEPT) ?
55 | 		(byte & 0x3fu) | (*codep << 6) :
56 | 		(0xff >> type) & (byte);
57 | 
58 | 	*state = utf8d[256 + *state*16 + type];
59 | 	return *state;
60 | }
61 | 
62 | /* for the iri parser.  Modelled after printCodePoints */
63 | int
64 | valid_multibyte_utf8(struct parser *p)
65 | {
66 | 	uint32_t cp = 0, state = 0;
67 | 
68 | 	for (; *p->iri; p->iri++)
69 | 		if (!utf8_decode(&state, &cp, *p->iri))
70 | 			break;
71 | 
72 | 	/* reject the ASCII range */
73 | 	if (state || cp <= 0x7F) {
74 | 		/* XXX: do some error recovery? */
75 | 		if (state)
76 | 			p->err = "invalid UTF-8 character";
77 | 		return 0;
78 | 	}
79 | 	return 1;
80 | }
81 | 
82 | char *
83 | utf8_nth(char *s, size_t n)
84 | {
85 | 	size_t i;
86 | 	uint32_t cp = 0, state = 0;
87 | 
88 | 	for (i = 0; *s && i < n; ++s)
89 | 		if (!utf8_decode(&state, &cp, *s))
90 | 			++i;
91 | 
92 | 	if (state != UTF8_ACCEPT)
93 | 		return NULL;
94 | 	if (i == n)
95 | 		return s;
96 | 	return NULL;
97 | }
98 | 


--------------------------------------------------------------------------------
/contrib/mime.types:
--------------------------------------------------------------------------------
  1 | #	$OpenBSD: mime.types,v 1.4 2018/01/06 22:05:03 sthen Exp $
  2 | 
  3 | application/atom+xml					atom
  4 | application/font-woff					woff
  5 | application/java-archive				jar war ear
  6 | application/javascript					js
  7 | application/json					json
  8 | application/mac-binhex40				hqx
  9 | application/msword					doc
 10 | application/octet-stream				bin exe dll
 11 | application/octet-stream				deb
 12 | application/octet-stream				dmg
 13 | application/octet-stream				fs iso img
 14 | application/octet-stream				msi msp msm
 15 | application/pdf						pdf
 16 | application/postscript					ps eps ai
 17 | application/rss+xml					rss
 18 | application/rtf						rtf
 19 | application/vnd.apple.mpegurl				m3u8
 20 | application/vnd.google-earth.kml+xml			kml
 21 | application/vnd.google-earth.kmz			kmz
 22 | application/vnd.ms-excel				xls
 23 | application/vnd.ms-fontobject				eot
 24 | application/vnd.ms-powerpoint				ppt
 25 | application/vnd.oasis.opendocument.chart		odc
 26 | application/vnd.oasis.opendocument.chart-template	otc
 27 | application/vnd.oasis.opendocument.database		odb
 28 | application/vnd.oasis.opendocument.formula		odf
 29 | application/vnd.oasis.opendocument.formula-template	otf
 30 | application/vnd.oasis.opendocument.graphics		odg
 31 | application/vnd.oasis.opendocument.graphics-template	otg
 32 | application/vnd.oasis.opendocument.image		odi
 33 | application/vnd.oasis.opendocument.image-template	oti
 34 | application/vnd.oasis.opendocument.presentation		odp
 35 | application/vnd.oasis.opendocument.presentation-template otp
 36 | application/vnd.oasis.opendocument.spreadsheet		ods
 37 | application/vnd.oasis.opendocument.spreadsheet-template	ots
 38 | application/vnd.oasis.opendocument.text			odt
 39 | application/vnd.oasis.opendocument.text-master		odm
 40 | application/vnd.oasis.opendocument.text-template	ott
 41 | application/vnd.oasis.opendocument.text-web		oth
 42 | application/vnd.wap.wmlc				wmlc
 43 | application/x-7z-compressed				7z
 44 | application/x-cocoa					cco
 45 | application/x-java-archive-diff				jardiff
 46 | application/x-java-jnlp-file				jnlp
 47 | application/x-makeself					run
 48 | application/x-ns-proxy-autoconfig			pac
 49 | application/x-perl					pl pm
 50 | application/x-pilot					prc pdb
 51 | application/x-rar-compressed				rar
 52 | application/x-redhat-package-manager			rpm
 53 | application/x-sea					sea
 54 | application/x-shockwave-flash				swf
 55 | application/x-stuffit					sit
 56 | application/x-tcl					tcl tk
 57 | application/x-x509-ca-cert				der pem crt
 58 | application/x-xpinstall					xpi
 59 | application/xhtml+xml					xhtml
 60 | application/zip						zip
 61 | 
 62 | audio/basic						au snd
 63 | audio/midi						mid midi kar
 64 | audio/mpeg						mp3
 65 | audio/ogg						ogg
 66 | audio/x-m4a						m4a
 67 | audio/x-realaudio					ra
 68 | 
 69 | image/gif						gif
 70 | image/jpeg						jpeg jpg
 71 | image/png						png
 72 | image/svg+xml						svg svgz
 73 | image/tiff						tif tiff
 74 | image/vnd.wap.wbmp					wbmp
 75 | image/webp						webp
 76 | image/x-icon						ico
 77 | image/x-jng						jng
 78 | image/x-ms-bmp						bmp
 79 | 
 80 | text/css						css
 81 | text/html						html htm shtml
 82 | text/mathml						mml
 83 | text/plain						txt
 84 | text/vnd.sun.j2me.app-descriptor			jad
 85 | text/vnd.wap.wml					wml
 86 | text/x-component					htc
 87 | text/xml						xml
 88 | 
 89 | video/3gpp						3gpp 3gp
 90 | video/mp2t						ts
 91 | video/mp4						mp4
 92 | video/mpeg						mpeg mpg
 93 | video/quicktime						mov
 94 | video/webm						webm
 95 | video/x-flv						flv
 96 | video/x-m4v						m4v
 97 | video/x-matroska					mkv
 98 | video/x-mng						mng
 99 | video/x-ms-asf						asx asf
100 | video/x-ms-wmv						wmv
101 | video/x-msvideo						avi
102 | 


--------------------------------------------------------------------------------
/logger.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2021, 2023 Omar Polo 
  3 |  *
  4 |  * Permission to use, copy, modify, and distribute this software for any
  5 |  * purpose with or without fee is hereby granted, provided that the above
  6 |  * copyright notice and this permission notice appear in all copies.
  7 |  *
  8 |  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  9 |  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 10 |  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 11 |  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 12 |  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 13 |  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 14 |  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 15 |  */
 16 | 
 17 | #include "gmid.h"
 18 | 
 19 | #include 
 20 | #include 
 21 | 
 22 | #include 
 23 | #include 
 24 | #include 
 25 | #include 
 26 | #include 
 27 | #include 
 28 | #include 
 29 | #include 
 30 | #include 
 31 | #include 
 32 | 
 33 | #include "log.h"
 34 | #include "proc.h"
 35 | 
 36 | #ifndef nitems
 37 | #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
 38 | #endif
 39 | 
 40 | static int logfd = -1;
 41 | static int log_to_syslog = 1;
 42 | static int facility = LOG_DAEMON;
 43 | 
 44 | static void logger_init(struct privsep *, struct privsep_proc *, void *);
 45 | static void logger_shutdown(void);
 46 | static int logger_dispatch_parent(int, struct privsep_proc *, struct imsg *);
 47 | static int logger_dispatch_server(int, struct privsep_proc *, struct imsg *);
 48 | 
 49 | static struct privsep_proc procs[] = {
 50 | 	{ "parent",	PROC_PARENT,	logger_dispatch_parent },
 51 | 	{ "server",	PROC_SERVER,	logger_dispatch_server },
 52 | };
 53 | 
 54 | void
 55 | logger(struct privsep *ps, struct privsep_proc *p)
 56 | {
 57 | 	proc_run(ps, p, procs, nitems(procs), logger_init, NULL);
 58 | }
 59 | 
 60 | static void
 61 | logger_init(struct privsep *ps, struct privsep_proc *p, void *arg)
 62 | {
 63 | 	p->p_shutdown = logger_shutdown;
 64 | 
 65 | 	openlog(getprogname(), LOG_NDELAY, LOG_DAEMON);
 66 | 	tzset();
 67 | 
 68 | 	sandbox_logger_process();
 69 | }
 70 | 
 71 | static void
 72 | logger_shutdown(void)
 73 | {
 74 | 	closelog();
 75 | 	if (logfd != -1)
 76 | 		close(logfd);
 77 | }
 78 | 
 79 | static int
 80 | logger_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
 81 | {
 82 | 	switch (imsg_get_type(imsg)) {
 83 | 	case IMSG_LOG_FACILITY:
 84 | 		if (imsg_get_data(imsg, &facility, sizeof(facility)) == -1)
 85 | 			fatal("corrupted IMSG_LOG_SYSLOG");
 86 | 		break;
 87 | 	case IMSG_LOG_SYSLOG:
 88 | 		if (imsg_get_data(imsg, &log_to_syslog,
 89 | 		    sizeof(log_to_syslog)) == -1)
 90 | 			fatal("corrupted IMSG_LOG_SYSLOG");
 91 | 		break;
 92 | 	case IMSG_LOG_ACCESS:
 93 | 		if (logfd != -1)
 94 | 			close(logfd);
 95 | 		logfd = imsg_get_fd(imsg);
 96 | 		break;
 97 | 	default:
 98 | 		return -1;
 99 | 	}
100 | 
101 | 	return 0;
102 | }
103 | 
104 | static int
105 | logger_dispatch_server(int fd, struct privsep_proc *p, struct imsg *imsg)
106 | {
107 | 	char *msg;
108 | 	size_t datalen = 0;
109 | 	struct ibuf ibuf;
110 | 
111 | 	switch (imsg_get_type(imsg)) {
112 | 	case IMSG_LOG_REQUEST:
113 | 		if (imsg_get_ibuf(imsg, &ibuf) == -1 ||
114 | 		    (datalen = ibuf_size(&ibuf)) == 0)
115 | 			fatal("got invalid IMSG_LOG_REQUEST");
116 | 		msg = ibuf_data(&ibuf);
117 | 		msg[datalen - 1] = '\0';
118 | 		if (logfd != -1)
119 | 			dprintf(logfd, "%s\n", msg);
120 | 		if (log_to_syslog)
121 | 			syslog(facility | LOG_NOTICE, "%s", msg);
122 | 		break;
123 | 	default:
124 | 		return -1;
125 | 	}
126 | 
127 | 	return 0;
128 | }
129 | 


--------------------------------------------------------------------------------
/gmid.8:
--------------------------------------------------------------------------------
  1 | .\" Copyright (c) 2021, 2022, 2023, 2024 Omar Polo 
  2 | .\"
  3 | .\" Permission to use, copy, modify, and distribute this software for any
  4 | .\" purpose with or without fee is hereby granted, provided that the above
  5 | .\" copyright notice and this permission notice appear in all copies.
  6 | .\"
  7 | .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  8 | .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  9 | .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 10 | .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 11 | .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 12 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 13 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 14 | .Dd April 27, 2024
 15 | .Dt GMID 8
 16 | .Os
 17 | .Sh NAME
 18 | .Nm gmid
 19 | .Nd Gemini server
 20 | .Sh SYNOPSIS
 21 | .Nm
 22 | .Bk -words
 23 | .Op Fl fhnVv
 24 | .Op Fl c Ar config
 25 | .Op Fl D Ar macro Ns = Ns Ar value
 26 | .Op Fl P Ar pidfile
 27 | .Ek
 28 | .Sh DESCRIPTION
 29 | .Nm
 30 | is a simple and minimal gemini server that can serve static files,
 31 | talk to FastCGI applications and act as a gemini reverse proxy.
 32 | .Pp
 33 | .Nm
 34 | rereads the configuration file when it receives
 35 | .Dv SIGHUP
 36 | and reopens log files when it receives
 37 | .Dv SIGUSR1 .
 38 | .Pp
 39 | The options are as follows:
 40 | .Bl -tag -width 14m
 41 | .It Fl c Ar config
 42 | Specifies the configuration file.
 43 | The default is
 44 | .Pa /etc/gmid.conf .
 45 | .It Fl D Ar macro Ns = Ns Ar value
 46 | Define
 47 | .Ar macro
 48 | to be set to
 49 | .Ar value
 50 | on the command line.
 51 | Overrides the definition of
 52 | .Ar macro
 53 | in the config file if present.
 54 | .It Fl f
 55 | Do not daemonize.
 56 | Stay and log in the foreground.
 57 | .It Fl h , Fl -help
 58 | Print the usage and exit.
 59 | .It Fl n
 60 | Check that the configuration is valid, but don't start the server.
 61 | If specified two or more time, dump the configuration in addition to
 62 | verify it.
 63 | .It Fl P Ar pidfile
 64 | Write daemon's pid to the given location.
 65 | .Ar pidfile
 66 | will also act as lock: if another process is holding a lock on that
 67 | file,
 68 | .Nm
 69 | will refuse to start.
 70 | .It Fl V , Fl -version
 71 | Print the version and exit.
 72 | .It Fl v
 73 | Verbose mode.
 74 | .El
 75 | .Sh EXAMPLES
 76 | To run
 77 | .Nm
 78 | a configuration file and a X.509 certificate must be provided.
 79 | A self-signed certificate, which are commonly used in the Geminispace,
 80 | can be generated using for e.g.\&
 81 | .Xr openssl 1 :
 82 | .Bd -literal -offset indent
 83 | # openssl req \-x509 \-newkey rsa:4096 \-nodes \e
 84 | 	\-keyout /etc/ssl/private/example.com.key \e
 85 | 	\-out /etc/ssl/example.com.pem \e
 86 | 	\-days 365 \-subj "/CN=example.com"
 87 | # chmod 600 /etc/ssl/example.com.crt
 88 | # chmod 600 /etc/ssl/private/example.com.key
 89 | .Ed
 90 | .Pp
 91 | Then
 92 | .Nm
 93 | can be started with
 94 | .Bd -literal -offset indent
 95 | # gmid -c /etc/gmid.conf
 96 | .Ed
 97 | .Sh SEE ALSO
 98 | .Xr gemexp 1 ,
 99 | .Xr gg 1 ,
100 | .Xr gmid.conf 5
101 | .Sh ACKNOWLEDGEMENTS
102 | .Nm
103 | uses the
104 | .Dq Flexible and Economical
105 | UTF-8 decoder written by
106 | .An Bjoern Hoehrmann .
107 | .Sh AUTHORS
108 | .An -nosplit
109 | The
110 | .Nm
111 | program was written by
112 | .An Omar Polo Aq Mt op@omarpolo.com .
113 | .Sh CAVEATS
114 | .Bl -bullet
115 | .It
116 | All the root directories are opened during the daemon configuration;
117 | if a root directory is deleted and then re-created,
118 | .Nm
119 | won't be able to serve files inside that directory until a reload.
120 | This restriction only applies to the root directories and not their
121 | content.
122 | .It
123 | a %2F sequence is indistinguishable from a literal slash: this is not
124 | RFC3986-compliant.
125 | .It
126 | a %00 sequence is treated as invalid character and thus rejected.
127 | .El
128 | 


--------------------------------------------------------------------------------
/mime.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2021, 2022, 2023 Omar Polo 
  3 |  *
  4 |  * Permission to use, copy, modify, and distribute this software for any
  5 |  * purpose with or without fee is hereby granted, provided that the above
  6 |  * copyright notice and this permission notice appear in all copies.
  7 |  *
  8 |  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  9 |  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 10 |  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 11 |  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 12 |  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 13 |  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 14 |  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 15 |  */
 16 | 
 17 | #include "gmid.h"
 18 | 
 19 | #include 
 20 | #include 
 21 | #include 
 22 | 
 23 | #include "log.h"
 24 | 
 25 | void
 26 | init_mime(struct mime *mime)
 27 | {
 28 | 	mime->len = 0;
 29 | 	mime->cap = 16;
 30 | 
 31 | 	mime->t = calloc(mime->cap, sizeof(struct etm));
 32 | 	if (mime->t == NULL)
 33 | 		fatal("calloc");
 34 | }
 35 | 
 36 | /* register mime for the given extension */
 37 | int
 38 | add_mime(struct mime *mime, const char *mt, const char *ext)
 39 | {
 40 | 	struct etm *t;
 41 | 	size_t newcap;
 42 | 
 43 | 	if (mime->len == mime->cap) {
 44 | 		newcap = mime->cap * 1.5;
 45 | 		t = recallocarray(mime->t, mime->cap, newcap,
 46 | 		    sizeof(struct etm));
 47 | 		if (t == NULL)
 48 | 			return -1;
 49 | 		mime->t = t;
 50 | 		mime->cap = newcap;
 51 | 	}
 52 | 
 53 | 	t = &mime->t[mime->len];
 54 | 	if (strlcpy(t->mime, mt, sizeof(t->mime)) >= sizeof(t->mime))
 55 | 		return -1;
 56 | 	if (strlcpy(t->ext, ext, sizeof(t->ext)) >= sizeof(t->ext))
 57 | 		return -1;
 58 | 	mime->len++;
 59 | 	return 0;
 60 | }
 61 | 
 62 | /* load a default set of common mime-extension associations */
 63 | int
 64 | load_default_mime(struct mime *mime)
 65 | {
 66 | 	const struct mapping {
 67 | 		const char *mime;
 68 | 		const char *ext;
 69 | 	} m[] = {
 70 | 		{"application/pdf",	"pdf"},
 71 | 		{"image/gif",		"gif"},
 72 | 		{"image/jpeg",		"jpg"},
 73 | 		{"image/jpeg",		"jpeg"},
 74 | 		{"image/png",		"png"},
 75 | 		{"image/svg+xml",	"svg"},
 76 | 		{"text/gemini",		"gemini"},
 77 | 		{"text/gemini",		"gmi"},
 78 | 		{"text/markdown",	"markdown"},
 79 | 		{"text/markdown",	"md"},
 80 | 		{"text/plain",		"txt"},
 81 | 		{"text/x-patch",	"diff"},
 82 | 		{"text/x-patch",	"patch"},
 83 | 		{"text/xml",		"xml"},
 84 | 		{NULL, NULL}
 85 | 	}, *i;
 86 | 
 87 | 	/* don't load the default if `types' was used. */
 88 | 	if (mime->len != 0)
 89 | 		return 0;
 90 | 
 91 | 	for (i = m; i->mime != NULL; ++i) {
 92 | 		if (add_mime(mime, i->mime, i->ext) == -1)
 93 | 			return -1;
 94 | 	}
 95 | 
 96 | 	return 0;
 97 | }
 98 | 
 99 | static const char *
100 | path_ext(const char *path)
101 | {
102 | 	const char *end;
103 | 
104 | 	end = path + strlen(path)-1;
105 | 	for (; end != path; --end) {
106 | 		if (*end == '.')
107 | 			return end+1;
108 | 		if (*end == '/')
109 | 			break;
110 | 	}
111 | 
112 | 	return NULL;
113 | }
114 | 
115 | static int
116 | mime_comp(const void *a, const void *b)
117 | {
118 | 	const struct etm *x = a, *y = b;
119 | 
120 | 	return strcmp(x->ext, y->ext);
121 | }
122 | 
123 | void
124 | sort_mime(struct mime *m)
125 | {
126 | 	qsort(m->t, m->len, sizeof(*m->t), mime_comp);
127 | }
128 | 
129 | static int
130 | mime_find(const void *a, const void *b)
131 | {
132 | 	const char *ext = a;
133 | 	const struct etm *x = b;
134 | 
135 | 	return strcmp(ext, x->ext);
136 | }
137 | 
138 | const char *
139 | mime(struct conf *conf, struct vhost *host, const char *path)
140 | {
141 | 	const char *def, *ext;
142 | 	struct etm *t;
143 | 
144 | 	def = vhost_default_mime(host, path);
145 | 
146 | 	if ((ext = path_ext(path)) == NULL)
147 | 		return def;
148 | 
149 | 	t = bsearch(ext, conf->mime.t, conf->mime.len, sizeof(*conf->mime.t),
150 | 	    mime_find);
151 | 	if (t != NULL)
152 | 		return t->mime;
153 | 	if (!strcmp(ext, "gmi") || !strcmp(ext, "gemini"))
154 | 		return "text/gemini";
155 | 	return def;
156 | }
157 | 
158 | void
159 | free_mime(struct mime *m)
160 | {
161 | 	free(m->t);
162 | }
163 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # gmid
  2 | 
  3 | gmid is a full-featured Gemini server written with security in mind.
  4 | It can serve static files, has optional FastCGI and proxying support,
  5 | and a rich configuration syntax.
  6 | 
  7 | A few helper programs are shipped as part of gmid:
  8 | 
  9 |  - `gg` is a simple command-line Gemini client.
 10 | 
 11 |  - `gemexp` is a stripped-down config-less version of gmid to quickly
 12 |    serve a directory from the command line.
 13 | 
 14 |  - `titan` is a command-line titan client.
 15 | 
 16 | 
 17 | ## Internationalisation (IRIs, IDN, UNICODE)
 18 | 
 19 | Even thought the current Gemini specification doesn't mention anything
 20 | in this regard, I think it's important to make as easy as possible to
 21 | use non-ASCII characters in domain names and URL paths.
 22 | 
 23 | For starters, gmid has full support for IRIs (RFC3987 —
 24 | Internationalized Resource Identifiers).  IRIs are a superset of URIs
 25 | that allow UNICODE characters, so there aren't incompatibilities with
 26 | URI-only clients.
 27 | 
 28 | There is full support also for IDNs (Internationalized Domain Names).
 29 | There's no need to fiddle with punycode, or even know what it is: the
 30 | hostname in the configuration file can (and must be) in the decoded
 31 | form (e.g. `naïve` and not `xn--nave-6pa`), gmid will do the rest.
 32 | 
 33 | The only missing piece is UNICODE normalisation of the IRI path: gmid
 34 | doesn't do that (yet).
 35 | 
 36 | 
 37 | ## Configuration
 38 | 
 39 | [httpd]: https://man.openbsd.org/httpd.8
 40 | 
 41 | gmid has a rich configuration file, heavily inspired by OpenBSD'
 42 | [httpd(8)][httpd], with every detail carefully documented in the
 43 | manpage.  Here's a minimal example of a config file:
 44 | 
 45 | ```conf
 46 | # /etc/gmid.conf
 47 | server "example.com" {
 48 | 	listen on * port 1965
 49 | 	cert "/path/to/cert.pem"
 50 | 	key  "/path/to/key.pem"
 51 | 	root "/var/gemini/example.com"
 52 | }
 53 | ```
 54 | 
 55 | and a slightly more complex one
 56 | 
 57 | ```conf
 58 | # /etc/gmid.conf
 59 | cert_root = "/path/to/keys"
 60 | 
 61 | server "example.com" {
 62 | 	listen on * port 1965
 63 | 
 64 | 	alias "foobar.com"
 65 | 
 66 | 	cert $cert_root "/example.com.crt"
 67 | 	key  $cert_root "/example.com.pem"
 68 | 	root "/var/gemini/example.com"
 69 | 
 70 | 	# lang for text/gemini files
 71 | 	lang "en"
 72 | 
 73 | 	# only for locations that matches /files/*
 74 | 	location "/files/*" {
 75 | 		# generate directory listings
 76 | 		auto index on
 77 | 	}
 78 | 
 79 | 	location "/repo/*" {
 80 | 		# change the index file name
 81 | 		index "README.gmi"
 82 | 		lang "it"
 83 | 	}
 84 | }
 85 | ```
 86 | 
 87 | 
 88 | ## Building
 89 | 
 90 | gmid depends on libevent2, LibreSSL or OpenSSL, and yacc or GNU bison.
 91 | 
 92 | The build is as simple as
 93 | 
 94 | 	$ ./configure
 95 | 	$ make
 96 | 
 97 | If the configure scripts fails to pick up something, please open an
 98 | issue or notify me via email.
 99 | 
100 | To install execute:
101 | 
102 | 	# make install
103 | 
104 | 
105 | ### Testing
106 | 
107 | Execute
108 | 
109 | 	$ make regress
110 | 
111 | to start the suite.  Keep in mind that the regression tests needs to
112 | create a few file inside the `regress` directory and bind the 10965 and
113 | 10966 ports.
114 | 
115 | 
116 | ## Contributing
117 | 
118 | Any form of contribution is welcome, not only patches or bug reports.
119 | If you have a sample configuration for some specific use-case, a
120 | script or anything that could be useful to others, consider adding it
121 | to the `contrib` directory.
122 | 
123 | 
124 | ## Architecture/Security considerations
125 | 
126 | gmid has a privsep design, where the operations done by the daemon are
127 | split into multiple processes:
128 | 
129 |  - main: the main process is the only one that keeps the original
130 |    privileges.  It opens the TLS certificates on the behalf of the
131 |    `server` and `crypto` processes, reloads the configuration upon
132 |    `SIGHUP` and re-opens the log files upon `SIGUSR1`.
133 | 
134 |  - logger: handles the logging with syslog and/or local files.
135 | 
136 |  - server: listens for connections and handles the requests.  It also
137 |    speaks FastCGI and do the proxying.
138 | 
139 |  - crypto: holds the TLS private keys to avoid a compromised `server`
140 |    process to disclose them.
141 | 


--------------------------------------------------------------------------------
/proc.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2010-2015 Reyk Floeter 
  3 |  *
  4 |  * Permission to use, copy, modify, and distribute this software for any
  5 |  * purpose with or without fee is hereby granted, provided that the above
  6 |  * copyright notice and this permission notice appear in all copies.
  7 |  *
  8 |  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  9 |  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 10 |  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 11 |  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 12 |  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 13 |  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 14 |  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 15 |  */
 16 | 
 17 | /* imsg */
 18 | struct imsgev {
 19 | 	struct imsgbuf		 ibuf;
 20 | 	void			(*handler)(int, short, void *);
 21 | 	struct event		 ev;
 22 | 	struct privsep_proc	*proc;
 23 | 	void			*data;
 24 | 	short			 events;
 25 | };
 26 | 
 27 | #define IMSG_SIZE_CHECK(imsg, p) do {					\
 28 | 	if (IMSG_DATA_SIZE(imsg) < sizeof(*p))				\
 29 | 		fatalx("bad length imsg received (%s)",	#p);		\
 30 | } while (0)
 31 | #define IMSG_DATA_SIZE(imsg)	((imsg)->hdr.len - IMSG_HEADER_SIZE)
 32 | 
 33 | #define PROC_PARENT_SOCK_FILENO	3
 34 | 
 35 | /* privsep */
 36 | enum privsep_procid {
 37 | 	PROC_PARENT,
 38 | 	PROC_SERVER,
 39 | 	PROC_CRYPTO,
 40 | 	PROC_LOGGER,
 41 | 	PROC_MAX,
 42 | };
 43 | 
 44 | #define CONFIG_RELOAD		0x00
 45 | #define CONFIG_SOCKS		0x01
 46 | #define CONFIG_ALL		0xff
 47 | 
 48 | struct privsep_pipes {
 49 | 	int				*pp_pipes[PROC_MAX];
 50 | };
 51 | 
 52 | struct privsep {
 53 | 	struct privsep_pipes		*ps_pipes[PROC_MAX];
 54 | 	struct privsep_pipes		*ps_pp;
 55 | 
 56 | 	struct imsgev			*ps_ievs[PROC_MAX];
 57 | 	const char			*ps_title[PROC_MAX];
 58 | 	uint8_t				 ps_what[PROC_MAX];
 59 | 
 60 | 	struct passwd			*ps_pw;
 61 | 	int				 ps_noaction;
 62 | 
 63 | 	unsigned int			 ps_instances[PROC_MAX];
 64 | 	unsigned int			 ps_instance;
 65 | 
 66 | 	/* Event and signal handlers */
 67 | 	struct event			 ps_evsigint;
 68 | 	struct event			 ps_evsigterm;
 69 | 	struct event			 ps_evsigchld;
 70 | 	struct event			 ps_evsighup;
 71 | 	struct event			 ps_evsigusr1;
 72 | 
 73 | 	void				*ps_env;
 74 | };
 75 | 
 76 | struct privsep_proc {
 77 | 	const char		*p_title;
 78 | 	enum privsep_procid	 p_id;
 79 | 	int			(*p_cb)(int, struct privsep_proc *,
 80 | 				    struct imsg *);
 81 | 	void			(*p_init)(struct privsep *,
 82 | 				    struct privsep_proc *);
 83 | 	void			(*p_shutdown)(void);
 84 | 	const char		*p_chroot;
 85 | 	struct passwd		*p_pw;
 86 | 	struct privsep		*p_ps;
 87 | };
 88 | 
 89 | struct privsep_fd {
 90 | 	enum privsep_procid		 pf_procid;
 91 | 	unsigned int			 pf_instance;
 92 | };
 93 | 
 94 | /* proc.c */
 95 | void	 proc_init(struct privsep *, struct privsep_proc *, unsigned int,
 96 | 	    int, int, char **, enum privsep_procid);
 97 | void	 proc_kill(struct privsep *);
 98 | void	 proc_connect(struct privsep *ps);
 99 | void	 proc_dispatch(int, short event, void *);
100 | void	 proc_range(struct privsep *, enum privsep_procid, int *, int *);
101 | void	 proc_run(struct privsep *, struct privsep_proc *,
102 | 	    struct privsep_proc *, unsigned int,
103 | 	    void (*)(struct privsep *, struct privsep_proc *, void *), void *);
104 | void	 imsg_event_add(struct imsgev *);
105 | int	 imsg_compose_event(struct imsgev *, uint16_t, uint32_t,
106 | 	    pid_t, int, void *, uint16_t);
107 | int	 imsg_composev_event(struct imsgev *, uint16_t, uint32_t,
108 | 	    pid_t, int, const struct iovec *, int);
109 | int	 proc_compose_imsg(struct privsep *, enum privsep_procid, int,
110 | 	    uint16_t, uint32_t, int, void *, uint16_t);
111 | int	 proc_compose(struct privsep *, enum privsep_procid,
112 | 	    uint16_t, void *data, uint16_t);
113 | int	 proc_composev_imsg(struct privsep *, enum privsep_procid, int,
114 | 	    uint16_t, uint32_t, int, const struct iovec *, int);
115 | int	 proc_composev(struct privsep *, enum privsep_procid,
116 | 	    uint16_t, const struct iovec *, int);
117 | struct imsgbuf *
118 | 	 proc_ibuf(struct privsep *, enum privsep_procid, int);
119 | struct imsgev *
120 | 	 proc_iev(struct privsep *, enum privsep_procid, int);
121 | enum privsep_procid
122 | 	 proc_getid(struct privsep_proc *, unsigned int, const char *);
123 | int	 proc_flush_imsg(struct privsep *, enum privsep_procid, int);
124 | 


--------------------------------------------------------------------------------
/log.c:
--------------------------------------------------------------------------------
  1 | /*	$OpenBSD: log.c,v 1.1 2018/07/10 16:39:54 florian Exp $	*/
  2 | 
  3 | /*
  4 |  * Copyright (c) 2003, 2004 Henning Brauer 
  5 |  *
  6 |  * Permission to use, copy, modify, and distribute this software for any
  7 |  * purpose with or without fee is hereby granted, provided that the above
  8 |  * copyright notice and this permission notice appear in all copies.
  9 |  *
 10 |  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 11 |  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 12 |  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 13 |  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 14 |  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 15 |  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 16 |  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 17 |  */
 18 | 
 19 | #include "gmid.h"
 20 | 
 21 | #include 
 22 | #include 
 23 | #include 
 24 | #include 
 25 | #include 
 26 | #include 
 27 | #include 
 28 | 
 29 | #include "log.h"
 30 | 
 31 | static int		 debug;
 32 | static int		 verbose;
 33 | static const char	*log_procname;
 34 | 
 35 | void
 36 | log_init(int n_debug, int facility)
 37 | {
 38 | 	debug = n_debug;
 39 | 	verbose = n_debug;
 40 | 	log_procinit(getprogname());
 41 | 
 42 | 	if (!debug)
 43 | 		openlog(getprogname(), LOG_PID | LOG_NDELAY, facility);
 44 | 
 45 | 	tzset();
 46 | }
 47 | 
 48 | void
 49 | log_procinit(const char *procname)
 50 | {
 51 | 	if (procname != NULL)
 52 | 		log_procname = procname;
 53 | }
 54 | 
 55 | void
 56 | log_setverbose(int v)
 57 | {
 58 | 	verbose = v;
 59 | }
 60 | 
 61 | int
 62 | log_getverbose(void)
 63 | {
 64 | 	return (verbose);
 65 | }
 66 | 
 67 | void
 68 | logit(int pri, const char *fmt, ...)
 69 | {
 70 | 	va_list	ap;
 71 | 
 72 | 	va_start(ap, fmt);
 73 | 	vlog(pri, fmt, ap);
 74 | 	va_end(ap);
 75 | }
 76 | 
 77 | void
 78 | vlog(int pri, const char *fmt, va_list ap)
 79 | {
 80 | 	char	*nfmt;
 81 | 	int	 saved_errno = errno;
 82 | 
 83 | 	if (debug) {
 84 | 		/* best effort in out of mem situations */
 85 | 		if (asprintf(&nfmt, "%s\n", fmt) == -1) {
 86 | 			vfprintf(stderr, fmt, ap);
 87 | 			fprintf(stderr, "\n");
 88 | 		} else {
 89 | 			vfprintf(stderr, nfmt, ap);
 90 | 			free(nfmt);
 91 | 		}
 92 | 		fflush(stderr);
 93 | 	} else
 94 | 		vsyslog(pri, fmt, ap);
 95 | 
 96 | 	errno = saved_errno;
 97 | }
 98 | 
 99 | void
100 | log_warn(const char *emsg, ...)
101 | {
102 | 	char		*nfmt;
103 | 	va_list		 ap;
104 | 	int		 saved_errno = errno;
105 | 
106 | 	/* best effort to even work in out of memory situations */
107 | 	if (emsg == NULL)
108 | 		logit(LOG_ERR, "%s", strerror(saved_errno));
109 | 	else {
110 | 		va_start(ap, emsg);
111 | 
112 | 		if (asprintf(&nfmt, "%s: %s", emsg,
113 | 		    strerror(saved_errno)) == -1) {
114 | 			/* we tried it... */
115 | 			vlog(LOG_ERR, emsg, ap);
116 | 			logit(LOG_ERR, "%s", strerror(saved_errno));
117 | 		} else {
118 | 			vlog(LOG_ERR, nfmt, ap);
119 | 			free(nfmt);
120 | 		}
121 | 		va_end(ap);
122 | 	}
123 | 
124 | 	errno = saved_errno;
125 | }
126 | 
127 | void
128 | log_warnx(const char *emsg, ...)
129 | {
130 | 	va_list	 ap;
131 | 
132 | 	va_start(ap, emsg);
133 | 	vlog(LOG_ERR, emsg, ap);
134 | 	va_end(ap);
135 | }
136 | 
137 | void
138 | log_info(const char *emsg, ...)
139 | {
140 | 	va_list	 ap;
141 | 
142 | 	va_start(ap, emsg);
143 | 	vlog(LOG_INFO, emsg, ap);
144 | 	va_end(ap);
145 | }
146 | 
147 | void
148 | log_debug(const char *emsg, ...)
149 | {
150 | 	va_list	 ap;
151 | 
152 | 	if (verbose) {
153 | 		va_start(ap, emsg);
154 | 		vlog(LOG_DEBUG, emsg, ap);
155 | 		va_end(ap);
156 | 	}
157 | }
158 | 
159 | static void
160 | vfatalc(int code, const char *emsg, va_list ap)
161 | {
162 | 	static char	s[BUFSIZ];
163 | 	const char	*sep;
164 | 
165 | 	if (emsg != NULL) {
166 | 		(void)vsnprintf(s, sizeof(s), emsg, ap);
167 | 		sep = ": ";
168 | 	} else {
169 | 		s[0] = '\0';
170 | 		sep = "";
171 | 	}
172 | 	if (code)
173 | 		logit(LOG_CRIT, "fatal in %s: %s%s%s",
174 | 		    log_procname, s, sep, strerror(code));
175 | 	else
176 | 		logit(LOG_CRIT, "fatal in %s%s%s", log_procname, sep, s);
177 | }
178 | 
179 | void
180 | fatal(const char *emsg, ...)
181 | {
182 | 	va_list	ap;
183 | 
184 | 	va_start(ap, emsg);
185 | 	vfatalc(errno, emsg, ap);
186 | 	va_end(ap);
187 | 	exit(1);
188 | }
189 | 
190 | void
191 | fatalx(const char *emsg, ...)
192 | {
193 | 	va_list	ap;
194 | 
195 | 	va_start(ap, emsg);
196 | 	vfatalc(0, emsg, ap);
197 | 	va_end(ap);
198 | 	exit(1);
199 | }
200 | 


--------------------------------------------------------------------------------
/compat/libtls/tls_bio_cb.c:
--------------------------------------------------------------------------------
  1 | /* $OpenBSD: tls_bio_cb.c,v 1.21 2023/05/14 07:26:25 op Exp $ */
  2 | /*
  3 |  * Copyright (c) 2016 Tobias Pape 
  4 |  *
  5 |  * Permission to use, copy, modify, and distribute this software for any
  6 |  * purpose with or without fee is hereby granted, provided that the above
  7 |  * copyright notice and this permission notice appear in all copies.
  8 |  *
  9 |  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 10 |  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 11 |  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 12 |  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 13 |  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 14 |  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 15 |  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 16 |  */
 17 | 
 18 | #include "config.h"
 19 | 
 20 | #include 
 21 | #include 
 22 | #include 
 23 | #include 
 24 | 
 25 | #include 
 26 | 
 27 | #include 
 28 | #include "tls_internal.h"
 29 | 
 30 | static int bio_cb_write(BIO *bio, const char *buf, int num);
 31 | static int bio_cb_read(BIO *bio, char *buf, int size);
 32 | static int bio_cb_puts(BIO *bio, const char *str);
 33 | static long bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr);
 34 | 
 35 | static BIO_METHOD *bio_cb_method;
 36 | 
 37 | static void
 38 | bio_cb_method_init(void)
 39 | {
 40 | 	BIO_METHOD *bio_method;
 41 | 
 42 | 	if (bio_cb_method != NULL)
 43 | 		return;
 44 | 
 45 | 	bio_method = BIO_meth_new(BIO_TYPE_MEM, "libtls_callbacks");
 46 | 	if (bio_method == NULL)
 47 | 		return;
 48 | 
 49 | 	BIO_meth_set_write(bio_method, bio_cb_write);
 50 | 	BIO_meth_set_read(bio_method, bio_cb_read);
 51 | 	BIO_meth_set_puts(bio_method, bio_cb_puts);
 52 | 	BIO_meth_set_ctrl(bio_method, bio_cb_ctrl);
 53 | 
 54 | 	bio_cb_method = bio_method;
 55 | }
 56 | 
 57 | static BIO_METHOD *
 58 | bio_s_cb(void)
 59 | {
 60 | 	if (bio_cb_method != NULL)
 61 | 		return (bio_cb_method);
 62 | 
 63 | 	bio_cb_method_init();
 64 | 
 65 | 	return (bio_cb_method);
 66 | }
 67 | 
 68 | static int
 69 | bio_cb_puts(BIO *bio, const char *str)
 70 | {
 71 | 	return (bio_cb_write(bio, str, strlen(str)));
 72 | }
 73 | 
 74 | static long
 75 | bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr)
 76 | {
 77 | 	long ret = 1;
 78 | 
 79 | 	switch (cmd) {
 80 | 	case BIO_CTRL_GET_CLOSE:
 81 | 		ret = (long)BIO_get_shutdown(bio);
 82 | 		break;
 83 | 	case BIO_CTRL_SET_CLOSE:
 84 | 		BIO_set_shutdown(bio, (int)num);
 85 | 		break;
 86 | 	case BIO_CTRL_DUP:
 87 | 	case BIO_CTRL_FLUSH:
 88 | 		break;
 89 | 	case BIO_CTRL_INFO:
 90 | 	case BIO_CTRL_GET:
 91 | 	case BIO_CTRL_SET:
 92 | 	default:
 93 | 		ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr);
 94 | 	}
 95 | 
 96 | 	return (ret);
 97 | }
 98 | 
 99 | static int
100 | bio_cb_write(BIO *bio, const char *buf, int num)
101 | {
102 | 	struct tls *ctx = BIO_get_data(bio);
103 | 	int rv;
104 | 
105 | 	BIO_clear_retry_flags(bio);
106 | 	rv = (ctx->write_cb)(ctx, buf, num, ctx->cb_arg);
107 | 	if (rv == TLS_WANT_POLLIN) {
108 | 		BIO_set_retry_read(bio);
109 | 		rv = -1;
110 | 	} else if (rv == TLS_WANT_POLLOUT) {
111 | 		BIO_set_retry_write(bio);
112 | 		rv = -1;
113 | 	}
114 | 	return (rv);
115 | }
116 | 
117 | static int
118 | bio_cb_read(BIO *bio, char *buf, int size)
119 | {
120 | 	struct tls *ctx = BIO_get_data(bio);
121 | 	int rv;
122 | 
123 | 	BIO_clear_retry_flags(bio);
124 | 	rv = (ctx->read_cb)(ctx, buf, size, ctx->cb_arg);
125 | 	if (rv == TLS_WANT_POLLIN) {
126 | 		BIO_set_retry_read(bio);
127 | 		rv = -1;
128 | 	} else if (rv == TLS_WANT_POLLOUT) {
129 | 		BIO_set_retry_write(bio);
130 | 		rv = -1;
131 | 	}
132 | 	return (rv);
133 | }
134 | 
135 | int
136 | tls_set_cbs(struct tls *ctx, tls_read_cb read_cb, tls_write_cb write_cb,
137 |     void *cb_arg)
138 | {
139 | 	const BIO_METHOD *bio_cb;
140 | 	BIO *bio;
141 | 	int rv = -1;
142 | 
143 | 	if (read_cb == NULL || write_cb == NULL) {
144 | 		tls_set_errorx(ctx, "no callbacks provided");
145 | 		goto err;
146 | 	}
147 | 
148 | 	ctx->read_cb = read_cb;
149 | 	ctx->write_cb = write_cb;
150 | 	ctx->cb_arg = cb_arg;
151 | 
152 | 	if ((bio_cb = bio_s_cb()) == NULL) {
153 | 		tls_set_errorx(ctx, "failed to create callback method");
154 | 		goto err;
155 | 	}
156 | 	if ((bio = BIO_new(bio_cb)) == NULL) {
157 | 		tls_set_errorx(ctx, "failed to create callback i/o");
158 | 		goto err;
159 | 	}
160 | 	BIO_set_data(bio, ctx);
161 | 	BIO_set_init(bio, 1);
162 | 
163 | 	SSL_set_bio(ctx->ssl_conn, bio, bio);
164 | 
165 | 	rv = 0;
166 | 
167 |  err:
168 | 	return (rv);
169 | }
170 | 


--------------------------------------------------------------------------------
/compat/libtls/tls_keypair.c:
--------------------------------------------------------------------------------
  1 | /* $OpenBSD: tls_keypair.c,v 1.8 2021/01/05 17:37:12 jsing Exp $ */
  2 | /*
  3 |  * Copyright (c) 2014 Joel Sing 
  4 |  *
  5 |  * Permission to use, copy, modify, and distribute this software for any
  6 |  * purpose with or without fee is hereby granted, provided that the above
  7 |  * copyright notice and this permission notice appear in all copies.
  8 |  *
  9 |  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 10 |  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 11 |  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 12 |  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 13 |  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 14 |  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 15 |  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 16 |  */
 17 | 
 18 | #include "config.h"
 19 | 
 20 | #include 
 21 | #include 
 22 | #include 
 23 | 
 24 | #include 
 25 | 
 26 | #include "tls_internal.h"
 27 | 
 28 | struct tls_keypair *
 29 | tls_keypair_new(void)
 30 | {
 31 | 	return calloc(1, sizeof(struct tls_keypair));
 32 | }
 33 | 
 34 | static int
 35 | tls_keypair_pubkey_hash(struct tls_keypair *keypair, struct tls_error *error)
 36 | {
 37 | 	X509 *cert = NULL;
 38 | 	int rv = -1;
 39 | 
 40 | 	free(keypair->pubkey_hash);
 41 | 	keypair->pubkey_hash = NULL;
 42 | 
 43 | 	if (keypair->cert_mem == NULL) {
 44 | 		rv = 0;
 45 | 		goto done;
 46 | 	}
 47 | 
 48 | 	if (tls_keypair_load_cert(keypair, error, &cert) == -1)
 49 | 		goto err;
 50 | 	if (tls_cert_pubkey_hash(cert, &keypair->pubkey_hash) == -1)
 51 | 		goto err;
 52 | 
 53 | 	rv = 0;
 54 | 
 55 |  err:
 56 | 	X509_free(cert);
 57 |  done:
 58 | 	return (rv);
 59 | }
 60 | 
 61 | void
 62 | tls_keypair_clear_key(struct tls_keypair *keypair)
 63 | {
 64 | 	freezero(keypair->key_mem, keypair->key_len);
 65 | 	keypair->key_mem = NULL;
 66 | 	keypair->key_len = 0;
 67 | }
 68 | 
 69 | int
 70 | tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error,
 71 |     const char *cert_file)
 72 | {
 73 | 	if (tls_config_load_file(error, "certificate", cert_file,
 74 | 	    &keypair->cert_mem, &keypair->cert_len) == -1)
 75 | 		return -1;
 76 | 	return tls_keypair_pubkey_hash(keypair, error);
 77 | }
 78 | 
 79 | int
 80 | tls_keypair_set_cert_mem(struct tls_keypair *keypair, struct tls_error *error,
 81 |     const uint8_t *cert, size_t len)
 82 | {
 83 | 	if (tls_set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len) == -1)
 84 | 		return -1;
 85 | 	return tls_keypair_pubkey_hash(keypair, error);
 86 | }
 87 | 
 88 | int
 89 | tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error,
 90 |     const char *key_file)
 91 | {
 92 | 	tls_keypair_clear_key(keypair);
 93 | 	return tls_config_load_file(error, "key", key_file,
 94 | 	    &keypair->key_mem, &keypair->key_len);
 95 | }
 96 | 
 97 | int
 98 | tls_keypair_set_key_mem(struct tls_keypair *keypair, struct tls_error *error,
 99 |     const uint8_t *key, size_t len)
100 | {
101 | 	tls_keypair_clear_key(keypair);
102 | 	return tls_set_mem(&keypair->key_mem, &keypair->key_len, key, len);
103 | }
104 | 
105 | int
106 | tls_keypair_set_ocsp_staple_file(struct tls_keypair *keypair,
107 |     struct tls_error *error, const char *ocsp_file)
108 | {
109 | 	return tls_config_load_file(error, "ocsp", ocsp_file,
110 | 	    &keypair->ocsp_staple, &keypair->ocsp_staple_len);
111 | }
112 | 
113 | int
114 | tls_keypair_set_ocsp_staple_mem(struct tls_keypair *keypair,
115 |     struct tls_error *error, const uint8_t *staple, size_t len)
116 | {
117 | 	return tls_set_mem(&keypair->ocsp_staple, &keypair->ocsp_staple_len,
118 | 	    staple, len);
119 | }
120 | 
121 | void
122 | tls_keypair_free(struct tls_keypair *keypair)
123 | {
124 | 	if (keypair == NULL)
125 | 		return;
126 | 
127 | 	tls_keypair_clear_key(keypair);
128 | 
129 | 	free(keypair->cert_mem);
130 | 	free(keypair->ocsp_staple);
131 | 	free(keypair->pubkey_hash);
132 | 
133 | 	free(keypair);
134 | }
135 | 
136 | int
137 | tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
138 |     X509 **cert)
139 | {
140 | 	char *errstr = "unknown";
141 | 	BIO *cert_bio = NULL;
142 | 	unsigned long ssl_err;
143 | 	int rv = -1;
144 | 
145 | 	X509_free(*cert);
146 | 	*cert = NULL;
147 | 
148 | 	if (keypair->cert_mem == NULL) {
149 | 		tls_error_set(error, "keypair has no certificate");
150 | 		goto err;
151 | 	}
152 | 	if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
153 | 	    keypair->cert_len)) == NULL) {
154 | 		tls_error_set(error, "failed to create certificate bio");
155 | 		goto err;
156 | 	}
157 | 	if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb,
158 | 	    NULL)) == NULL) {
159 | 		if ((ssl_err = ERR_peek_error()) != 0)
160 | 			errstr = ERR_error_string(ssl_err, NULL);
161 | 		tls_error_set(error, "failed to load certificate: %s", errstr);
162 | 		goto err;
163 | 	}
164 | 
165 | 	rv = 0;
166 | 
167 |  err:
168 | 	BIO_free(cert_bio);
169 | 
170 | 	return (rv);
171 | }
172 | 


--------------------------------------------------------------------------------
/regress/lib.sh:
--------------------------------------------------------------------------------
  1 | ran_no=0
  2 | failed_no=0
  3 | failed=
  4 | 
  5 | gemexp="./../gemexp"
  6 | gg="./../gg"
  7 | gmid="./../gmid"
  8 | current_test=
  9 | server_name=
 10 | gghost=
 11 | 
 12 | fcgi_content() {
 13 | 	cat <
 22 | * REMOTE_HOST=
 23 | * REQUEST_METHOD=GET
 24 | * SCRIPT_NAME=
 25 | * SERVER_NAME=
 26 | * SERVER_PORT=$port
 27 | * SERVER_PROTOCOL=GEMINI
 28 | * SERVER_SOFTWARE=$($gmid -V | awk '{print $2 "/" $3}')
 29 | EOF
 30 | }
 31 | 
 32 | run_test() {
 33 | 	ggflags=
 34 | 	host="$REGRESS_HOST"
 35 | 	port=10965
 36 | 	proxy_port=10966
 37 | 	proxy=
 38 | 	config_common="log syslog off"
 39 | 	fcgi_path_info=/
 40 | 	fcgi_path="$PWD/testdata/"
 41 | 	hdr=
 42 | 	body=
 43 | 	dont_check_server_alive=no
 44 | 
 45 | 	ran_no=$((ran_no + 1))
 46 | 
 47 | 	current_test=$1
 48 | 	server_name=localhost
 49 | 	gghost=localhost
 50 | 
 51 | 	rm -f reg.conf
 52 | 
 53 | 	if [ "$2" = "need_ipv6" -a "$HAVE_IPV6" != "yes" ]; then
 54 | 		echo "$1 skipped (needs HAVE_IPV6='yes')"
 55 | 		return
 56 | 	elif ! $1; then
 57 | 		echo "$1 failed"
 58 | 		failed="$failed $1"
 59 | 		failed_no=$((failed_no + 1))
 60 | 		return
 61 | 	else
 62 | 		echo "$1 passed"
 63 | 	fi
 64 | 
 65 | 	if [ "$dont_check_server_alive" != 'no' ]; then
 66 | 		return
 67 | 	fi
 68 | 
 69 | 	if ! check; then
 70 | 		echo "gmid crashed?"
 71 | 		failed="$failed $1"
 72 | 		failed_no=$((failed_no + 1))
 73 | 	fi
 74 | }
 75 | 
 76 | tests_done() {
 77 | 	ok=$((ran_no - failed_no))
 78 | 	echo
 79 | 	echo "tests: $ran_no / passed: $ok / failed: $failed_no"
 80 | 	if [ "$failed" != "" ]; then
 81 | 		echo
 82 | 		echo "failed tests:$failed"
 83 | 		exit 1
 84 | 	fi
 85 | 	exit 0
 86 | }
 87 | 
 88 | # usage: gen_config  
 89 | # generates a configuration file reg.conf
 90 | gen_config() {
 91 | 	cat < reg.conf
 92 | $config_common
 93 | $1
 94 | server "$server_name" {
 95 | 	cert "$PWD/localhost.pem"
 96 | 	key  "$PWD/localhost.key"
 97 | 	root "$PWD/testdata"
 98 | 	listen on $host port $port $proxy
 99 | 	$2
100 | }
101 | EOF
102 | 	if ! checkconf; then
103 | 		echo "failed to parse the config" >&2
104 | 		return 1
105 | 	fi
106 | }
107 | 
108 | set_proxy() {
109 | 	cat <>reg.conf
110 | server "localhost.local" {
111 | 	cert "$PWD/localhost.pem"
112 | 	key "$PWD/localhost.key"
113 | 	listen on $host port $proxy_port
114 | 	proxy {
115 | 		relay-to localhost port $port
116 | 		$1
117 | 	}
118 | }
119 | EOF
120 | 
121 | 	if ! checkconf; then
122 | 		echo "failed to parse the config" >&2
123 | 		return 1
124 | 	fi
125 | }
126 | 
127 | checkconf() {
128 | 	if ! $gmid -n -c reg.conf >/dev/null 2>&1; then
129 | 		$gmid -n -c reg.conf
130 | 	fi
131 | }
132 | 
133 | # usage: setup_simple_test  
134 | # generates a configuration file with `gen_config', validates it and
135 | # launches the daemon
136 | setup_simple_test() {
137 | 	gen_config "$1" "$2"
138 | 	run
139 | }
140 | 
141 | # usage: get 
142 | # return the body of the request on stdout
143 | get() {
144 | 	$gg -q -T10 $ggflags "gemini://$gghost:$port/$1" || true
145 | }
146 | 
147 | # usage: head 
148 | # return the meta response line on stdout
149 | head() {
150 | 	$gg -q -T10 -d header $ggflags "gemini://$gghost:$port/$1" || true
151 | }
152 | 
153 | # usage: fetch 
154 | # fetches the header and the body.  They're returned in $hdr and
155 | # $body.
156 | fetch() {
157 | 	if ! hdr="$(head $1)" || ! body="$(get $1)"; then
158 | 		return 1
159 | 	fi
160 | }
161 | 
162 | # usage: fetch_hdr 
163 | # fetches the header into $hdr
164 | fetch_hdr() {
165 | 	hdr="$(head $1)"
166 | 	body=""
167 | }
168 | 
169 | # usage: check_reply header body
170 | # checks that $hdr and $body are equal to the given strings
171 | check_reply() {
172 | 	if [ "$hdr" != "$1" ]; then
173 | 		echo "Header mismatch" >&2
174 | 		echo "wants : $1"      >&2
175 | 		echo "got   : $hdr"    >&2
176 | 		return 1
177 | 	fi
178 | 
179 | 	if [ "$body" != "$2" ]; then
180 | 		echo "Body mismatch" >&2
181 | 		echo "wants : $2"    >&2
182 | 		echo "got   : $body" >&2
183 | 		return 1
184 | 	fi
185 | }
186 | 
187 | run() {
188 | 	if check; then
189 | 		kill -HUP "$(cat gmid.pid)"
190 | 		sleep 1
191 | 		return
192 | 	fi
193 | 
194 | 	$gmid -P $PWD/gmid.pid -c reg.conf
195 | 
196 | 	# give gmid time to bind the port, otherwise we end up
197 | 	# executing gg when gmid isn't ready yet.
198 | 	sleep 1
199 | }
200 | 
201 | check() {
202 | 	if [ ! -f gmid.pid ]; then
203 | 		return 1
204 | 	fi
205 | 
206 | 	pid="$(cat gmid.pid || true)"
207 | 	if [ "$pid" = "" ]; then
208 | 		return 1
209 | 	fi
210 | 
211 | 	ps $pid >/dev/null
212 | }
213 | 
214 | count() {
215 | 	wc -l | xargs
216 | }
217 | 
218 | quit() {
219 | 	pid="$(cat gmid.pid || true)" 2>/dev/null
220 | 	if [ "$pid" != "" ]; then
221 | 		kill $pid || true
222 | 		wait || true
223 | 	fi
224 | 	rm gmid.pid
225 | }
226 | 
227 | onexit() {
228 | 	rm -f bigfile bigfile.sha
229 | 	quit
230 | }
231 | 


--------------------------------------------------------------------------------
/site/quickstart.gmi:
--------------------------------------------------------------------------------
  1 | # gmid quickstart guide
  2 | 
  3 | The aim of this “quickstart” guide is to get your capsule up and running.
  4 | 
  5 | gmid needs a configuration file to operate.  The format is quite flexible and carefully described in the gmid.conf(5) manpage, but to start this should be enough:
  6 | 
  7 | ```sample configuration file
  8 | # /etc/gmid.conf
  9 | 
 10 | server "example.com" {
 11 | 	listen on * port 1965
 12 | 	cert "/etc/ssl/example.com.pem"
 13 | 	key  "/etc/ssl/private/example.com.key"
 14 | 
 15 | 	# path to the root directory of your capsule
 16 | 	root "/var/gemini/example.com"
 17 | }
 18 | ```
 19 | 
 20 | This will have gmid listening on any address on port 1965 and serving the directory /var/gemini/example.com.
 21 | 
 22 | A TLS certificate is also needed.  There are many way to obtain one (acme-client, certbot, ...) but within the Geminispace is common to use self-signed ones.
 23 | 
 24 | One way to generate self-signed certificates is to use openssl(1), but contrib/gencert is easier to use:
 25 | 
 26 | => TREE/contrib/gencert contrib/gencert
 27 | 
 28 | ```generate a certificate using contrib/gencert
 29 | $ ./contrib/gencert example.com
 30 | Generating a 4096 bit RSA private key
 31 | .................................................++++
 32 | ..........++++
 33 | writing new private key to './example.com.key'
 34 | -----
 35 | 
 36 | Generated files:
 37 |         ./example.com.pem : certificate
 38 |         ./example.com.key : private key
 39 | ```
 40 | 
 41 | Move ‘example.com.pem’ and ‘example.com.key’ to a safe place and double check that the ‘cert’ and ‘key’ options in the configuration points to these files.
 42 | 
 43 | One place could be ‘/etc/ssl/’
 44 | 
 45 | ```how to save the certificate and private key in /etc/ssl
 46 | # mkdir -p /etc/ssl/private
 47 | # chown 700 /etc/ssl/private
 48 | # mv example.com.pem /etc/ssl/
 49 | # mv example.com.key /etc/ssl/private/
 50 | ```
 51 | 
 52 | Then running gmid is as easy as
 53 | 
 54 | ```running gmid
 55 | # gmid -c /etc/gmid.conf
 56 | ```
 57 | 
 58 | Congratulations, your capsule is online!
 59 | 
 60 | 
 61 | ## Securing your gmid installation
 62 | 
 63 | gmid employs various techniques to prevent the damage caused by bugs but some steps needs to be done manually.
 64 | 
 65 | If gmid was installed from your distribution package manager chance are that it already does all of this and is also providing a service to easily run gmid (e.g. a rc script, a systemd unit file, …)  Otherwise, it’s heavily suggested to create at least a dedicated user.
 66 | 
 67 | 
 68 | ### A dedicated user
 69 | 
 70 | Ideally, gmid should be started as root and then drop privileges.  This allows to save the certificates in a directory that's readable only by root
 71 | 
 72 | For example, on OpenBSD a ‘_gmid’ user can be created with:
 73 | 
 74 | ```
 75 | # useradd -c gmid -d /var/empty -s /sbin/nologin _gmid
 76 | ```
 77 | 
 78 | while on most GNU/linux systems it's:
 79 | 
 80 | ```how to create the gmid user
 81 | # useradd --system --no-create-home -s /bin/nologin -c "gmid Gemini server" gmid
 82 | ```
 83 | 
 84 | or if you use systemd-sysusers:
 85 | 
 86 | ```how to create the gmid user, using systemd-sysusers
 87 | # systemd-sysusers contrib/gmid.sysusers
 88 | ```
 89 | 
 90 | Please consult your OS documentation for more information on the matter.
 91 | 
 92 | The configuration then needs to be adjusted to include the ‘user’ directive at the top:
 93 | 
 94 | ```how to use the ‘user’ option
 95 | # /etc/gmid.conf
 96 | user "gmid"
 97 | 
 98 | server "example.com" { … }
 99 | ```
100 | 
101 | Now gmid needs to be started with root privileges but will switch to the provided user automatically.  If by accident the ‘user’ option is omitted and gmid is running as root, it will complain loudly in the logs.
102 | 
103 | 
104 | ### chroot
105 | 
106 | It’s a common practice for system daemons to chroot themselves into a directory.  From here on I’ll assume /var/gemini, but it can be any directory.
107 | 
108 | A chroot on UNIX-like OS is an operation that changes the “apparent” root directory (i.e. the “/”) from the current process and its child.  Think of it like imprisoning a process into a directory and never letting it escape until it terminates.
109 | 
110 | Using a chroot may complicate the setup since eventual FastCGI socket or files needed for DNS resolution need to be installed or copied inside the chroot too.
111 | 
112 | The chroot feature requires a dedicate user, see the previous section.
113 | 
114 | To chroot gmid inside a directory, use the ‘chroot’ directive in the configuration file:
115 | 
116 | ```how to use the ‘chroot’ option
117 | # /etc/gmid.conf
118 | 
119 | user "gmid"
120 | 
121 | # the given directory, /var/gemini in this case, must exists.
122 | chroot "/var/gemini"
123 | ```
124 | 
125 | Note that once ‘chroot’ is in place, every ‘root’ directive is implicitly relative to the chroot, but ‘cert’ and ‘key’ aren’t!
126 | 
127 | For example, given the following configuration:
128 | 
129 | ```example configuration using chroot
130 | # /etc/gmid.conf
131 | 
132 | user "gmid"
133 | chroot "/var/gemini"
134 | 
135 | server "example.com" {
136 | 	listen on *
137 | 	cert "/etc/ssl/example.com.pem"
138 | 	key  "/etc/ssl/example.com.key"
139 | 	root "/example.com"
140 | }
141 | ```
142 | 
143 | The certificate and the key path are the specified ones, but the root directory of the virtual host is actually “/var/gemini/example.com/”.
144 | 


--------------------------------------------------------------------------------
/dirs.c:
--------------------------------------------------------------------------------
  1 | /*	$OpenBSD: scandir.c,v 1.21 2019/06/28 13:32:41 deraadt Exp $ */
  2 | 
  3 | /*
  4 |  * This is a modified verision of scandir that takes an explicit
  5 |  * directory file descriptor as parameter.
  6 |  */
  7 | 
  8 | /*
  9 |  * Copyright (c) 1983, 1993
 10 |  *	The Regents of the University of California.  All rights reserved.
 11 |  *
 12 |  * Redistribution and use in source and binary forms, with or without
 13 |  * modification, are permitted provided that the following conditions
 14 |  * are met:
 15 |  * 1. Redistributions of source code must retain the above copyright
 16 |  *    notice, this list of conditions and the following disclaimer.
 17 |  * 2. Redistributions in binary form must reproduce the above copyright
 18 |  *    notice, this list of conditions and the following disclaimer in the
 19 |  *    documentation and/or other materials provided with the distribution.
 20 |  * 3. Neither the name of the University nor the names of its contributors
 21 |  *    may be used to endorse or promote products derived from this software
 22 |  *    without specific prior written permission.
 23 |  *
 24 |  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 25 |  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 26 |  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 27 |  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 28 |  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 29 |  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 30 |  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 31 |  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 32 |  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 33 |  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 34 |  * SUCH DAMAGE.
 35 |  */
 36 | 
 37 | /*
 38 |  * Scan the directory fd calling select to make a list of selected
 39 |  * directory entries then sort using qsort and compare routine dcomp.
 40 |  * Returns the number of entries and a pointer to a list of pointers to
 41 |  * struct dirent (through namelist). Returns -1 if there were any errors.
 42 |  */
 43 | 
 44 | #include "gmid.h"
 45 | 
 46 | #include 
 47 | #include 
 48 | 
 49 | #include 
 50 | #include 
 51 | #include 
 52 | #include 
 53 | #include 
 54 | 
 55 | #define MAXIMUM(a, b)	(((a) > (b)) ? (a) : (b))
 56 | 
 57 | /*
 58 |  * The DIRSIZ macro is the minimum record length which will hold the directory
 59 |  * entry.  This requires the amount of space in struct dirent without the
 60 |  * d_name field, plus enough space for the name and a terminating nul byte
 61 |  * (dp->d_namlen + 1), rounded up to a 4 byte boundary.
 62 |  */
 63 | #undef DIRSIZ
 64 | #define DIRSIZ(dp, namlen)						\
 65 | 	((sizeof(struct dirent) - sizeof(dp)->d_name) +			\
 66 | 	    ((namlen + 1 + 3) &~ 3))
 67 | 
 68 | int
 69 | scandir_fd(int fd, struct dirent ***namelist,
 70 |     int (*select)(const struct dirent *),
 71 |     int (*dcomp)(const struct dirent **, const struct dirent **))
 72 | {
 73 | 	struct dirent *d, *p, **names = NULL;
 74 | 	size_t arraysz, namlen, nitems = 0;
 75 | 	struct stat stb;
 76 | 	DIR *dirp;
 77 | 
 78 | 	if ((dirp = fdopendir(fd)) == NULL)
 79 | 		return (-1);
 80 | 	if (fstat(fd, &stb) == -1)
 81 | 		goto fail;
 82 | 
 83 | 	/*
 84 | 	 * estimate the array size by taking the size of the directory file
 85 | 	 * and dividing it by a multiple of the minimum size entry.
 86 | 	 */
 87 | 	arraysz = MAXIMUM(stb.st_size / 24, 16);
 88 | 	if (arraysz > SIZE_MAX / sizeof(struct dirent *)) {
 89 | 		errno = ENOMEM;
 90 | 		goto fail;
 91 | 	}
 92 | 	names = calloc(arraysz, sizeof(struct dirent *));
 93 | 	if (names == NULL)
 94 | 		goto fail;
 95 | 
 96 | 	while ((d = readdir(dirp)) != NULL) {
 97 | 		if (select != NULL && !(*select)(d))
 98 | 			continue;	/* just selected names */
 99 | 
100 | 		/*
101 | 		 * Check to make sure the array has space left and
102 | 		 * realloc the maximum size.
103 | 		 */
104 | 		if (nitems >= arraysz) {
105 | 			struct dirent **nnames;
106 | 
107 | 			if (fstat(fd, &stb) == -1)
108 | 				goto fail;
109 | 
110 | 			arraysz *= 2;
111 | 			if (SIZE_MAX / sizeof(struct dirent *) < arraysz)
112 | 				goto fail;
113 | 			nnames = reallocarray(names,
114 | 			    arraysz, sizeof(struct dirent *));
115 | 			if (nnames == NULL)
116 | 				goto fail;
117 | 
118 | 			names = nnames;
119 | 		}
120 | 
121 | 		/*
122 | 		 * Make a minimum size copy of the data
123 | 		 */
124 | 		namlen = strlen(d->d_name);
125 | 		p = malloc(DIRSIZ(d, namlen));
126 | 		if (p == NULL)
127 | 			goto fail;
128 | 
129 | 		p->d_ino = d->d_ino;
130 | 		p->d_type = d->d_type;
131 | 		memcpy(p->d_name, d->d_name, namlen + 1);
132 | 		names[nitems++] = p;
133 | 	}
134 | 	closedir(dirp);
135 | 	if (nitems && dcomp != NULL)
136 | 		qsort(names, nitems, sizeof(struct dirent *),
137 | 		    (int(*)(const void *, const void *))dcomp);
138 | 	*namelist = names;
139 | 	return (nitems);
140 | 
141 | fail:
142 | 	while (nitems > 0)
143 | 		free(names[--nitems]);
144 | 	free(names);
145 | 	closedir(dirp);
146 | 	return (-1);
147 | }
148 | 
149 | int
150 | select_non_dot(const struct dirent *d)
151 | {
152 | 	return strcmp(d->d_name, ".");
153 | }
154 | 
155 | int
156 | select_non_dotdot(const struct dirent *d)
157 | {
158 | 	return strcmp(d->d_name, ".") && strcmp(d->d_name, "..");
159 | }
160 | 


--------------------------------------------------------------------------------
/contrib/renew-certs:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env perl
  2 | #
  3 | # Copyright (c) 2021 Omar Polo 
  4 | #
  5 | # Permission to use, copy, modify, and distribute this software for any
  6 | # purpose with or without fee is hereby granted, provided that the above
  7 | # copyright notice and this permission notice appear in all copies.
  8 | #
  9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 16 | #
 17 | # You can read the documentation for this script using
 18 | #
 19 | #	$ perldoc renew-certs
 20 | #
 21 | 
 22 | use v5.10;
 23 | use strict;
 24 | use warnings;
 25 | 
 26 | use Getopt::Std;
 27 | use Time::Piece;
 28 | 
 29 | my $auto = 0;
 30 | my $conf = '/etc/gmid.conf';
 31 | my $days = 365;
 32 | my $gmid = 'gmid';
 33 | my $restart = 0;
 34 | my $threshold = 24 * 60 * 60;
 35 | 
 36 | my %options = ();
 37 | getopts("ac:d:g:r", \%options);
 38 | 
 39 | foreach my $flag (keys %options) {
 40 | 	if ($flag eq 'a') {
 41 | 		$auto = 1;
 42 | 	} elsif ($flag eq 'c') {
 43 | 		$conf = $options{c};
 44 | 	} elsif ($flag eq 'd') {
 45 | 		$days = int($options{d}) or exit 1;
 46 | 	} elsif ($flag eq 'g') {
 47 | 		$gmid = $options{g};
 48 | 	} elsif ($flag eq 'r') {
 49 | 		$auto = 1;
 50 | 		$restart = 1;
 51 | 	} elsif ($flag eq 't') {
 52 | 		$threshold = int($options{t}) or exit 1;
 53 | 	}
 54 | }
 55 | 
 56 | my $now = localtime()->epoch + $threshold;
 57 | my $found_one = 0;
 58 | 
 59 | my $c = `$gmid -nn -c $conf @ARGV 2>/dev/null`;
 60 | die "$gmid failed to parse $conf" if $? != 0;
 61 | 
 62 | while ($c =~ /server \"(.*)\"/g) {
 63 | 	my $server = $1;
 64 | 
 65 | 	$c =~ /cert \"(.*)\"/gc;
 66 | 	my $cert = $1;
 67 | 
 68 | 	$c =~ /key \"(.*)\"/gc;
 69 | 	my $key = $1;
 70 | 
 71 | 	if (expired($cert)) {
 72 | 		$found_one = 1;
 73 | 		if ($auto) {
 74 | 			renew($server, $cert, $key);
 75 | 		} else {
 76 | 			say $server;
 77 | 		}
 78 | 	}
 79 | }
 80 | 
 81 | if ($found_one && $restart) {
 82 | 	my @cmd = ("pkill", "-HUP", $gmid);
 83 | 	system(@cmd);
 84 | }
 85 | 
 86 | exit !$found_one;
 87 | 
 88 | sub expired {
 89 | 	my ($cert) = @_;
 90 | 
 91 | 	my $exp = `openssl x509 -noout -enddate -in $cert`;
 92 | 	die 'failed to execute openssl' if $? != 0;
 93 | 	chomp $exp;
 94 | 
 95 | 	my $d = Time::Piece->strptime($exp, "notAfter=%b %e %T %Y %Z");
 96 | 	return $d->epoch < $now;
 97 | }
 98 | 
 99 | sub renew {
100 | 	my ($hostname, $cert, $key) = @_;
101 | 	my @cmd = (
102 | 		"openssl", "req", "-x509",
103 | 		"-newkey", "rsa:4096",
104 | 		"-out", $cert,
105 | 		"-keyout", $key,
106 | 		"-days", $days,
107 | 		"-nodes",
108 | 		"-subj", "/CN=".$hostname,
109 | 	);
110 | 
111 | 	system(@cmd) == 0
112 | 	    or die "system @cmd failed: $?";
113 | }
114 | 
115 | __END__
116 | 
117 | =head1 NAME
118 | 
119 | B - automatically renew gmid certificates
120 | 
121 | =head1 SYNOPSIS
122 | 
123 | B [-ar] [-c I] [-d I] [-g I] [-t I] [-- I]
124 | 
125 | =head1 DESCRIPTION
126 | 
127 | B attempts to renew the certificates used by gmid if they
128 | are close to the expiration date and can optionally restart the
129 | server.  It's meant to be used in a crontab(5) file.
130 | 
131 | B needs at least B 1.8.
132 | 
133 | The arguments are as follows:
134 | 
135 | =over
136 | 
137 | =item -a
138 | 
139 | Automatically generate a new set of certificates.
140 | 
141 | =item -c I
142 | 
143 | Path to the gmid configuration.  By default is F.
144 | 
145 | =item -d I
146 | 
147 | Number of I the newly generated certificates will be valid for;
148 | 365 by default.
149 | 
150 | =item -g I
151 | 
152 | Path to the gmid(1) executable.
153 | 
154 | =item -r
155 | 
156 | Restart B after re-generating the certificates by killing it
157 | with SIGHUP.  Implies -a.
158 | 
159 | =item -t I
160 | 
161 | Tweak the expiring I.  Certificates whose I field
162 | ends before I seconds will be considered outdated.  By
163 | default is 86400, or 24 * 60 * 60, 24 hours.
164 | 
165 | =item I
166 | 
167 | Additional flags to be passed to gmid(1).
168 | 
169 | =back
170 | 
171 | =head1 EXIT STATUS
172 | 
173 | The B utility exits on 0 when at least one certificate is
174 | about to expire and >0 otherwise, or if an error occurs.
175 | 
176 | =head1 EXAMPLES
177 | 
178 | Some examples of how to use B in a crontab(5) file
179 | follows:
180 | 
181 | 	# automatically renew and restart gmid
182 | 	0 0 * * * renew-certs -r
183 | 
184 | 	# like the previous, but pass a custom flag to gmid
185 | 	0 0 * * * renew-certs -r -- -Dcerts=/etc/ssl/
186 | 
187 | 	# automatically renew the certs but use a custom
188 | 	# command (rcctl in this case) to restart the server
189 | 	0 0 * * * renew-certs -a && rcctl restart gmid
190 | 
191 | 	# only check for expiration.  `cmd' can read the names of the
192 | 	# servers with an expiring certificate from stdin, one per
193 | 	# line
194 | 	0 0 * * * renew-certs | cmd
195 | 
196 | =head1 SEE ALSO
197 | 
198 | crontab(1) gmid(1) openssl(1) crontab(5)
199 | 
200 | =cut
201 | 


--------------------------------------------------------------------------------
/proxy-proto.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Copyright (c) 2024 github.com/Sir-Photch 
  3 |  *
  4 |  * Permission to use, copy, modify, and distribute this software for any
  5 |  * purpose with or without fee is hereby granted, provided that the above
  6 |  * copyright notice and this permission notice appear in all copies.
  7 |  *
  8 |  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  9 |  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 10 |  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 11 |  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 12 |  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 13 |  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 14 |  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 15 |  */
 16 | 
 17 | #include "gmid.h"
 18 | 
 19 | #include 
 20 | #include 
 21 | 
 22 | #include "log.h"
 23 | 
 24 | #define MIN(a, b) (a) < (b) ? (a) : (b)
 25 | 
 26 | static int
 27 | check_prefix_v1(char **buf)
 28 | {
 29 | 	static const char PROXY[6] = "PROXY ";
 30 | 
 31 | 	if (strncmp(*buf, PROXY, sizeof(PROXY)) != 0)
 32 | 		return (-1);
 33 | 
 34 | 	*buf += sizeof(PROXY);
 35 | 
 36 | 	return (0);
 37 | }
 38 | 
 39 | static int
 40 | check_proto_v1(char **buf)
 41 | {
 42 | 	static const char TCP[3] = "TCP";
 43 | 
 44 | 	if (strncmp(*buf, TCP, sizeof(TCP)) != 0)
 45 | 		return (-1);
 46 | 
 47 | 	*buf += sizeof(TCP);
 48 | 
 49 | 	int type;
 50 | 	switch ((*buf)[0]) {
 51 | 	case '4': type = 4; break;
 52 | 	case '6': type = 6; break;
 53 | 	default: return (-1);
 54 | 	}
 55 | 
 56 | 	if ((*buf)[1] != ' ')
 57 | 		return (-1);
 58 | 
 59 | 	// '4' / '6' + ' '
 60 | 	*buf += 2;
 61 | 
 62 | 	return type;
 63 | }
 64 | 
 65 | static int
 66 | check_unknown_v1(char **buf)
 67 | {
 68 | 	static const char UNKNOWN[7] = "UNKNOWN";
 69 | 
 70 | 	if (strncmp(*buf, UNKNOWN, sizeof(UNKNOWN)) != 0)
 71 | 		return (-1);
 72 | 
 73 | 	*buf += sizeof(UNKNOWN);
 74 | 
 75 | 	return (0);
 76 | }
 77 | 
 78 | static int
 79 | check_crlf_v1(char *const *buf, size_t buflen)
 80 | {
 81 | 	static const char CRLF[2] = "\r\n";
 82 | 
 83 | 	if (buflen < sizeof(CRLF))
 84 | 		return (-1);
 85 | 
 86 | 	if (!memmem(*buf, buflen, CRLF, sizeof(CRLF)))
 87 | 		return (-1);
 88 | 
 89 | 	return (0);
 90 | }
 91 | 
 92 | static int
 93 | check_ip_v1(int af, char **buf, struct sockaddr_storage *addr, socklen_t *len)
 94 | {
 95 | 	struct addrinfo	 hints, *res;
 96 | 	char		*spc;
 97 | 	int		 err;
 98 | 
 99 | 	if ((spc = strchr(*buf, ' ')) == NULL)
100 | 		return (-1);
101 | 
102 | 	*spc++ = '\0';
103 | 
104 | 	memset(&hints, 0, sizeof(hints));
105 | 	hints.ai_family = af;
106 | 	hints.ai_flags = AI_NUMERICHOST;
107 | 	err = getaddrinfo(*buf, NULL, &hints, &res);
108 | 	if (err) {
109 | 		log_warnx("getaddrinfo(%s): %s", *buf, gai_strerror(err));
110 | 		return (-1);
111 | 	}
112 | 
113 | 	memcpy(addr, res->ai_addr, res->ai_addrlen);
114 | 	*len = res->ai_addrlen;
115 | 	freeaddrinfo(res);
116 | 
117 | 	*buf = spc;
118 | 
119 | 	return (0);
120 | }
121 | 
122 | static int
123 | check_port_v1(uint16_t *port, char **buf)
124 | {
125 | 	size_t wspc_idx = strcspn(*buf, " \r");
126 | 	char *wspc = *buf + wspc_idx;
127 | 
128 | 	if (!(*wspc == ' ' || *wspc == '\r'))
129 | 		return (-1);
130 | 
131 | 	*wspc++ = '\0';
132 | 
133 | 	const char *errstr;
134 | 	long long num = strtonum(*buf, 0, UINT16_MAX, &errstr);
135 | 	if (errstr)
136 | 		return (-1);
137 | 
138 | 	*buf = wspc;
139 | 	*port = num;
140 | 
141 | 	return (0);
142 | }
143 | 
144 | int
145 | proxy_proto_v1_parse(struct proxy_protocol_v1 *s, char *buf, size_t buflen,
146 |     size_t *consumed)
147 | {
148 | 	const char *begin = buf;
149 | 	int af;
150 | 
151 | 	if (check_crlf_v1(&buf, buflen) == -1 ||
152 | 	    check_prefix_v1(&buf) == -1)
153 | 		return (-1);
154 | 
155 | 	switch (check_proto_v1(&buf)) {
156 | 	case 4: s->proto = PROTO_V4; break;
157 | 	case 6: s->proto = PROTO_V6; break;
158 | 	case -1:
159 | 		if (check_unknown_v1(&buf) == -1)
160 | 			return (-1);
161 | 		s->proto = PROTO_UNKNOWN;
162 | 		return (0);
163 | 	default:
164 | 		return (-1);
165 | 	}
166 | 
167 | 	af = AF_INET;
168 | 	if (s->proto == PROTO_V6)
169 | 		af = AF_INET6;
170 | 
171 | 	if (check_ip_v1(af, &buf, &s->srcaddr, &s->srclen) == -1 ||
172 | 	    check_ip_v1(AF_UNSPEC, &buf, &s->dstaddr, &s->dstlen) == -1 ||
173 | 	    check_port_v1(&s->srcport, &buf) == -1 ||
174 | 	    check_port_v1(&s->dstport, &buf) == -1)
175 | 		return (-1);
176 | 
177 | 	if (*buf != '\n')
178 | 		return (-1);
179 | 	buf += 1;
180 | 
181 | 	*consumed = buf - begin;
182 | 	return (0);
183 | }
184 | 
185 | int
186 | proxy_proto_v1_string(const struct proxy_protocol_v1 *s, char *buf,
187 |     size_t buflen)
188 | {
189 | 	char srcaddr[NI_MAXHOST], dstaddr[NI_MAXHOST];
190 | 	int ret;
191 | 
192 | 	if (s->proto == PROTO_UNKNOWN)
193 | 		return strlcpy(buf, "unknown", buflen);
194 | 
195 | 	ret = getnameinfo((struct sockaddr *)&s->srcaddr, s->srclen,
196 | 	    srcaddr, sizeof(srcaddr), NULL, 0,
197 | 	    NI_NUMERICHOST);
198 | 	if (ret) {
199 | 		log_warnx("getnameinfo: %s", gai_strerror(ret));
200 | 		return (-1);
201 | 	}
202 | 
203 | 	ret = getnameinfo((struct sockaddr *)&s->dstaddr, s->dstlen,
204 | 	    dstaddr, sizeof(dstaddr), NULL, 0,
205 | 	    NI_NUMERICHOST);
206 | 	if (ret) {
207 | 		log_warnx("getnameinfo: %s", gai_strerror(ret));
208 | 		return (-1);
209 | 	}
210 | 
211 | 	ret = snprintf(buf, buflen, "from %s port %u via %s port %u",
212 | 	    srcaddr, s->srcport, dstaddr, s->dstport);
213 | 	if (ret < 0 || (size_t)ret >= buflen)
214 | 		return (-1);
215 | 	return (ret);
216 | }
217 | 


--------------------------------------------------------------------------------