1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
/* ISC license. */
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include <regex.h>
#include <skalibs/posixplz.h>
#include <skalibs/bytestr.h>
#include <skalibs/stat.h>
#include <skalibs/prog.h>
#include <skalibs/buffer.h>
#include <skalibs/strerr.h>
#include <skalibs/gol.h>
#include <skalibs/fmtscan.h>
#include <skalibs/exec.h>
#define USAGE "as a CGI script: cgiwrapper-nollmcrawler [ -v verbosity ] [ -d pathinfodepth ] rulesdir badregex realcgit..."
#define dieusage() strerr_dieusage(100, USAGE)
enum golb_e
{
GOLB_FORCE = 0x01
} ;
static gol_bool const rgolb[] =
{
{ .so = 'f', .lo = "force", .clear = 0, .set = GOLB_FORCE }
} ;
enum gola_e
{
GOLA_VERBOSITY,
GOLA_DEPTH,
GOLA_N
} ;
static gol_arg const rgola[] =
{
{ .so = 'v', .lo = "verbosity", .i = GOLA_VERBOSITY },
{ .so = 'd', .lo = "pathinfo-depth", .i = GOLA_DEPTH }
} ;
int main (int argc, char const *const *argv)
{
unsigned int verbosity = 1 ;
char const *wgola[GOLA_N] = { 0 } ;
uint64_t wgolb = 0 ;
unsigned int golc ;
unsigned int depth = 0 ;
char const *remoteaddr ;
char const *x ;
size_t rdlen, m = 0 ;
char ip[16] ;
int is6 ;
PROG = "cgit-nollmcrawler" ;
golc = GOL_main(argc, argv, rgolb, rgola, &wgolb, wgola) ;
argc -= golc ; argv += golc ;
if (wgola[GOLA_VERBOSITY] && !uint0_scan(wgola[GOLA_VERBOSITY], &verbosity))
strerr_dief1x(100, "verbosity needs to be an unsigned integer") ;
if (wgola[GOLA_DEPTH] && !uint0_scan(wgola[GOLA_DEPTH], &depth))
strerr_dief1x(100, "pathinfo-depth needs to be an unsigned integer") ;
if (argc < 3) dieusage() ;
remoteaddr = getenv("REMOTE_ADDR") ;
if (ip6_scan(remoteaddr, ip)) is6 = 1 ;
else if (ip4_scan(remoteaddr, ip)) is6 = 0 ;
else strerr_dieinvalid(100, "REMOTE_ADDR") ;
rdlen = strlen(argv[0]) ;
char fn[rdlen + IP6_FMT + 16] ;
memcpy(fn + m, argv[0], rdlen) ; m += rdlen ;
memcpy(fn + m, "/ip", 3) ; m += 3 ;
fn[m++] = is6 ? '6' : '4' ;
fn[m++] = '/' ;
m += is6 ? ip6_fmt(fn + m, ip) : ip4_fmt(fn + m, ip) ;
fn[m++] = '_' ;
memcpy(fn + m, is6 ? "128" : "32", is6 ? 3 : 2) ; m += 2 + is6 ;
fn[m] = 0 ;
memcpy(fn + m, "/allow", 7) ;
if (access(fn, W_OK) == 0) goto allow ;
if (errno != ENOENT) strerr_diefu2sys(111, "access ", fn) ;
memcpy(fn + m + 1, "deny", 5) ;
if (access(fn, W_OK) == 0) goto deny ;
if (errno != ENOENT) strerr_diefu2sys(111, "access ", fn) ;
fn[m] = 0 ;
if (depth)
{
x = getenv("PATH_INFO") ;
if (!x) goto writeandallow ;
if (byte_count(x, strlen(x), '/') <= depth) goto writeandallow ;
}
x = getenv("QUERY_STRING") ;
if (!x) goto writeandallow ;
{
regex_t re ;
int e = regcomp(&re, argv[1], REG_EXTENDED) ;
if (e == REG_BADPAT) strerr_dief2x(100, "invalid regex: ", argv[1]) ;
if (e)
{
char fmt[INT_FMT] ;
fmt[int_fmt(fmt, e)] = 0 ;
strerr_diefu4x(111, "regcomp ", argv[1], ": error code is ", fmt) ;
}
e = regexec(&re, x, 0, 0, REG_NOSUB) ;
if (e == 0) goto writeanddeny ;
if (e != REG_NOMATCH)
{
char fmt[INT_FMT] ;
fmt[int_fmt(fmt, e)] = 0 ;
strerr_diefu4x(111, "regexec ", argv[1], ": error code is ", fmt) ;
}
// regfree(&re) ;
}
writeandallow:
if (symlink("../outputs/allow", fn) == -1)
{
if (errno != EEXIST) strerr_diefu4sys(111, "symlink ", "../outputs/allow", " to ", fn) ;
}
if (verbosity >= 2)
{
x = getenv("REQUEST_URI") ;
strerr_warni("allowing ", remoteaddr, " requesting ", x) ;
}
allow:
exec(argv + 2) ;
strerr_dieexec(111, argv[2]) ;
writeanddeny:
if (symlink("../outputs/deny", fn) == -1)
{
if (errno != EEXIST) strerr_diefu4sys(111, "symlink ", "../outputs/deny", " to ", fn) ;
}
deny:
buffer_putsflush(buffer_1small, "Status: 403 Go fuck yourself, crawler\nContent-Length: 0\n\n") ;
_exit(0) ;
}
|
