commit 1a1911226d27e2072fe9090035c008e5e4ebce49
parent 8355aa994410e4df4cca7fb3a302a7ff1d26ad34
Author: Christoph Lohmann <20h@r-36.net>
Date:   Sat,  2 Apr 2022 23:25:58 +0200
Add encryption only mode to geomyidae.
Diffstat:
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/geomyidae.8 b/geomyidae.8
@@ -170,7 +170,8 @@ Activate gopher TLS and use the private key
 .Ar keyfile
 and the public key
 .Ar certfile
-for TLS connections (if the feature is compiled in.)
+for TLS connections (if the feature is compiled in.) See ENCRYPTION ONLY
+support below.
 .El
 .
 .Sh FORMATTING
@@ -527,6 +528,10 @@ ex.
 .D1 Qo "/PICS" Qc for a directory access
 .El
 .
+.Sh ENCRYPTION ONLY
+If you set the sticky bit (chmod +t) on some file or directory, geomyidae
+will only serve it over an encrypted connection.
+.
 .Sh FILES
 README, LICENSE, CGI, index.gph, rc.d/, LINKS, gph/
 .
diff --git a/main.c b/main.c
@@ -67,6 +67,8 @@ char *notfounderr = "3Sorry, but the requested token '%s' could not be found.\tE
 	    "\tlocalhost\t70\r\n";
 char *toolongerr = "3Sorry, but the requested token '%s' is a too long path.\tErr"
 	    "\tlocalhost\t70\r\n";
+char *tlserr = "3Sorry, but the requested token '%s' requires an encrypted connection.\tErr"
+	    "\tlocalhost\t70\r\n";
 char *htredir = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
 		"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n"
 		"	\"DTD/xhtml-transitional.dtd\">\n"
@@ -275,6 +277,13 @@ handlerequest(int sock, char *req, int rlen, char *base, char *ohost,
 	}
 
 	if (stat(path, &dir) != -1) {
+		if ((dir.st_mode & S_ISVTX) && !istls) {
+			dprintf(sock, tlserr, recvc);
+			if (loglvl & ERRORS)
+				logentry(clienth, clientp, recvc, "not found");
+			return;
+		}
+
 		if (S_ISDIR(dir.st_mode)) {
 			for (i = 0; i < sizeof(indexf)/sizeof(indexf[0]);
 					i++) {
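Review bot: The new `S_ISVTX` rejection is logged with the status "not found", so a plaintext request for an encryption-only item looks the same in the logs as a request for a missing file. A distinct status such as `logentry(clienth, clientp, recvc, "encryption only");` would let operators tell the two apart and spot clients probing protected paths without TLS. The check also tests only the mode of the final `path` that `stat()` resolved. As far as this hunk shows, a file beneath a sticky directory is therefore still served in plaintext unless it carries the bit itself, so either check the parent components too or state that limit in the ENCRYPTION ONLY section of geomyidae.8. The body of handlerequest starts and continues outside the hunk, so any later handling of the same path is not visible here.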