From 1f519d05bfdf27814bcb9d4e81ed00b0c1068dd6 Mon Sep 17 00:00:00 2001
From: tjpcc
Date: Fri, 8 Sep 2023 14:54:53 -0600
Subject: Initial commit. A gemini server which drops privileges to the 'nobody' user, hosts files including directory listings (index.gmi or a default listing), and runs CGIs out of /cgi-bin/*.
---
config.go | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 70 insertions(+)
create mode 100644 config.go
(limited to 'config.go')
diff --git a/config.go b/config.go
new file mode 100644
index 0000000..f89ca6a
--- /dev/null
+++ b/config.go
@@ -0,0 +1,70 @@
+package main
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "os/user"
+ "strconv"
+ "syscall"
+
+ "tildegit.org/tjp/sliderule/logging"
+)
+
+type config struct {
+ hostname string
+
+ geminiRoot string
+
+ tlsKeyFile string
+ tlsCertFile string
+}
+
+func configure() config {
+ return config{
+ hostname: os.Getenv("HOST_NAME"),
+ geminiRoot: os.Getenv("GEMINI_ROOT"),
+ tlsKeyFile: os.Getenv("TLS_KEY_FILE"),
+ tlsCertFile: os.Getenv("TLS_CERT_FILE"),
+ }
+}
+
+func dropPrivileges() (bool, error) {
+ me, err := user.Current()
+ if err != nil {
+ return false, err
+ }
+
+ if me.Uid != "0" {
+ return false, nil
+ }
+
+ nobody, err := user.Lookup("nobody")
+ if err != nil {
+ return false, err
+ }
+ uid, err := strconv.Atoi(nobody.Uid)
+ if err != nil {
+ return false, err
+ }
+
+ if err := syscall.Setuid(uid); err != nil {
+ return false, err
+ }
+ return true, nil
+}
+
+func serverContext() (context.Context, logging.Logger, logging.Logger, logging.Logger, logging.Logger) {
+ debug, info, warn, err := logging.DefaultLoggers()
+ ctx := signals(context.Background())
+ ctx = context.WithValue(ctx, "debuglog", debug)
+ ctx = context.WithValue(ctx, "infolog", info)
+ ctx = context.WithValue(ctx, "warnlog", warn)
+ ctx = context.WithValue(ctx, "errorlog", err)
+ return ctx, debug, info, warn, err
+}
+
+func signals(ctx context.Context) context.Context {
+ ctx, _ = signal.NotifyContext(ctx, syscall.SIGINT, syscall.SIGHUP)
+ return ctx
+}
-- cgit v1.2.3
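Review bot: `dropPrivileges` changes only the user ID, so after `syscall.Setuid(uid)` succeeds the process still carries root's primary group and supplementary groups, and group-based file permissions keep applying to the server and to anything it spawns. The groups have to be set before the uid, because once the uid is dropped the process can no longer change them: parse `nobody.Gid`, call `syscall.Setgroups` and `syscall.Setgid`, and only then `syscall.Setuid`. On Linux, `syscall.Setuid` applies to every thread only from Go 1.16 onward, so the module's minimum Go version is worth confirming (go.mod is not part of this patch). A doc comment saying that the bool result reports whether privileges were actually dropped would also help callers.

```go
	nobody, err := user.Lookup("nobody")
	// … unchanged: lookup error check, uid parsed from nobody.Uid …
	gid, err := strconv.Atoi(nobody.Gid)
	if err != nil {
		return false, err
	}

	// Groups first: after the uid is dropped the process may no longer change them.
	if err := syscall.Setgroups([]int{gid}); err != nil {
		return false, err
	}
	if err := syscall.Setgid(gid); err != nil {
		return false, err
	}
	if err := syscall.Setuid(uid); err != nil {
		return false, err
	}
	return true, nil
```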