index.c - libgcgi - REST library for Gopher
HTML git clone git://bitreich.org/libgcgi/ git://enlrupgkhuxnvlhsf6lc3fziv5h2hhfrinws65d7roiv6bfj7d652fid.onion/libgcgi/
DIR Log
DIR Files
DIR Refs
DIR Tags
DIR README
DIR LICENSE
---
index.c (1602B)
---
1 #include <errno.h>
2 #include <stddef.h>
3 #include <stdio.h>
4 #include <string.h>
5 #include <unistd.h>
6
7 #ifdef __linux__
8 #include <seccomp.h>
9 #endif
10
11 #include "libgcgi.h"
12
13 static void
14 page_not_found(char **matches)
15 {
16 struct gcgi_var_list vars = {0};
17
18 gcgi_read_var_list(&vars, "db/vars");
19 gcgi_set_var(&vars, "page", matches[0]);
20 gcgi_template("gph/page_not_found.gph", &vars);
21 }
22
23 static struct gcgi_handler handlers[] = {
24 { "*", page_not_found },
25 { NULL, NULL },
26 };
27
28 int
29 main(int argc, char **argv)
30 {
31
32 #if defined(__OpenBSD__)
33 if (unveil("gph", "r") == -1 || unveil("db", "rwc") == -1)
34 gcgi_fatal("unveil failed: %s", strerror(errno));
35 if (pledge("stdio rpath wpath cpath", NULL) == -1)
36 gcgi_fatal("pledge failed: %s", strerror(errno));
37 #elif defined(__linux__)
38 scmp_filter_ctx ctx;
39 if (chroot(".") == -1)
40 gcgi_fatal("chroot failed");
41 if ((ctx = seccomp_init(SCMP_ACT_KILL)) == NULL)
42 gcgi_fatal("seccomp_init failed: %s", strerror(errno));
43 if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0) < 0
44 || seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit), 0) < 0
45 || seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0) < 0
46 || seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0) < 0
47 || seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1,
48 SCMP_A0(SCMP_CMP_EQ, 0)) < 0)
49 gcgi_fatal("seccomp_rule_add failed");
50 if (seccomp_load(ctx) < 0)
51 gcgi_fatal("seccomp_load failed: %s", strerror(errno));
52 #else
53 #warning "no syscall restriction enabled"
54 #endif
55
56 /* handle the request with the handlers */
57 gcgi_handle_request(handlers, argv, argc);
58 return 0;
59 }