From f7b4be5ac332970bb5937ae586cea6de64d14f66 Mon Sep 17 00:00:00 2001
Message-Id: <f7b4be5ac332970bb5937ae586cea6de64d14f66.1714870291.git.mdw@distorted.org.uk>
From: Mark Wooding <mdw@chiark.greenend.org.uk>
Date: Wed, 30 Jan 2013 00:35:02 +0000
Subject: [PATCH] www-cgi/: Allow customization of the environment filters.
Organization: Straylight/Edgeware

From: Mark Wooding <mdw@distorted.org.uk>

Sites can now configure `ucgi's environment filters, and end users can
configure `ucgitarget's filters.

By default, `ucgi' will look in `/etc/userv/ucgi.env-filter', but if
`UCGI_ENV_FILTER' is set in its environment, it will look there
instead.  The filter may contain wildcards and so on.

By default, `ucgitarget' looks in `.userv/ucgitarget.env-filter', or
`/etc/userv/ucgitarget.env-filter', if the former doesn't exist; but if
passed a `-e FILTER' option on its command line, it will look in the
file FILTER instead.  This filter may /not/ contain wildcards.

In both cases, if an explicitly named filter file can't be found then
the program fails; if the default filter files can't be found then they
fall back to built-in lists.

The reason for the asymmetry in interfaces is: it's hard to pass
command-line options to CGI scripts from webservers, but pretty easy to
set environment variables; whereas it's hard to pass environment
variables to a service program in a Userv configuration file, but easy
to pass command-line arguments.
---
 www-cgi/ucgi.c       | 13 +++++++++--
 www-cgi/ucgi.h       |  4 ++++
 www-cgi/ucgicommon.c | 55 ++++++++++++++++++++++++++++++++++++++++++++
 www-cgi/ucgitarget.c | 30 ++++++++++++++++++++----
 4 files changed, 96 insertions(+), 6 deletions(-)

diff --git a/www-cgi/ucgi.c b/www-cgi/ucgi.c
index 006f8ae..a2ebe64 100644
--- a/www-cgi/ucgi.c
+++ b/www-cgi/ucgi.c
@@ -30,7 +30,7 @@
 
 #include "ucgi.h"
 
-static const char *const envok[] = {
+static const char *const default_envok[] = {
   "AUTH_TYPE",
   "CONTENT_TYPE",
   "CONTENT_LENGTH",
@@ -73,7 +73,8 @@ static void add_userv_var(const char *fulln,
 
 int main(int argc, const char **argv) {
   char *username;
-  const char *slash2, *pathi, *av;
+  const char *slash2, *pathi, *ev, *av;
+  const char *const *envok;
   size_t usernamelen, l;
   struct buildargs args;
   pid_t child, rchild;
@@ -91,6 +92,14 @@ int main(int argc, const char **argv) {
   
   if (argc > MAX_ARGS) error("too many arguments");
 
+  ev= getenv("UCGI_ENV_FILTER");
+  if (ev)
+    envok= load_filters(LOADF_MUST, ev, LF_END);
+  else {
+    envok= load_filters(0, "/etc/userv/ucgi.env-filter", LF_END);
+    if (!envok) envok= default_envok;
+  }
+
   pathi= getenv("PATH_INFO");
   if (!pathi) error("PATH_INFO not found");
   D( if (debugmode) {
diff --git a/www-cgi/ucgi.h b/www-cgi/ucgi.h
index 9d69ed9..765367a 100644
--- a/www-cgi/ucgi.h
+++ b/www-cgi/ucgi.h
@@ -42,6 +42,10 @@ void *xmalloc(size_t sz);
 void xsetenv(const char *en, const char *ev, int overwrite);
 void *xrealloc(void *ptr, size_t sz);
 
+const char **load_filters(unsigned flags, const char *first, ...);
+#define LOADF_MUST 1u
+#define LF_END ((const char *)0)
+
 void filter_environment(unsigned flags, const char *prefix_in,
 			const char *const *patv,
 			void (*foundone)(const char *fulln, const char *en,
diff --git a/www-cgi/ucgicommon.c b/www-cgi/ucgicommon.c
index 168641b..db8c75d 100644
--- a/www-cgi/ucgicommon.c
+++ b/www-cgi/ucgicommon.c
@@ -18,6 +18,8 @@
  * $Id$
  */
 
+#include <ctype.h>
+#include <stdarg.h>
 #include <stdio.h>
 #include <string.h>
 #include <errno.h>
@@ -69,6 +71,59 @@ void xsetenv(const char *en, const char *ev, int overwrite) {
   if (setenv(en,ev,overwrite)) syserror("setenv");
 }
 
+const char **load_filters(unsigned flags, const char *first, ...)
+{
+  va_list ap;
+  const char *name, *p, *q, **v;
+  char *pp;
+  size_t l, n, sz;
+  FILE *fp;
+  char buf[MAX_ENVVAR_NAME];
+
+  D( if (debugmode) printf(";; load_filters...\n"); )
+  va_start(ap, first);
+  for (name= first; name; name= va_arg(ap, const char *)) {
+    fp= fopen(name, "r"); if (fp) goto opened;
+    D( if (debugmode)
+	 printf(";;   file `%s': %s\n", name, strerror(errno)); )
+    if (errno != ENOENT) syserror("failed to open environment filters");
+  }
+  va_end(ap);
+  if (flags & LOADF_MUST) syserror("failed to open environment filters");
+  D( if (debugmode) printf(";;   using default filters\n"); )
+  return 0;
+
+opened:
+  va_end(ap);
+  D( if (debugmode) printf(";;   file `%s': OK\n", name); )
+
+  n= 0; sz= 128; v= xmalloc(sz * sizeof(*v));
+  for (;;) {
+    if (!fgets(buf, sizeof(buf), fp)) break;
+    l= strlen(buf);
+    if (buf[l - 1] == '\n') buf[--l]= 0;
+    if (l + 1 == sizeof(buf))
+      error("line too long in environment filter file");
+    p= buf; q= p + l;
+    while (isspace((unsigned char)*p)) p++;
+    while (q > p && isspace((unsigned char)q[-1])) q--;
+    if (*p == '#' || p == q) continue;
+    l= q - p;
+    pp= xmalloc(l + 1);
+    memcpy(pp, p, l);
+    pp[l]= 0;
+    v[n++]= pp;
+    D( if (debugmode) printf(";;   filter: `%s'\n", pp); )
+    if (n >= sz) {
+      sz *= 2;
+      v= xrealloc(v, sz * sizeof(*v));
+    }
+  }
+  if (ferror(fp)) syserror("failed to read environment filters");
+  fclose(fp);
+  return v;
+}
+
 void filter_environment(unsigned flags, const char *prefix_in,
 			const char *const *patv,
 			void (*foundone)(const char *fulln,
diff --git a/www-cgi/ucgitarget.c b/www-cgi/ucgitarget.c
index 9780e36..6c579b6 100644
--- a/www-cgi/ucgitarget.c
+++ b/www-cgi/ucgitarget.c
@@ -25,6 +25,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <ctype.h>
+#include <getopt.h>
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/wait.h>
@@ -32,7 +33,7 @@
 
 #include "ucgi.h"
 
-static const char *const envok[]= {
+static const char *const default_envok[]= {
   "AUTH_TYPE",
   "CONTENT_LENGTH",
   "CONTENT_TYPE",
@@ -85,13 +86,15 @@ static void setenvar(const char *fulln,
   unsetenv(fulln);
 }
 
-int main(int argc, const char **argv) {
+int main(int argc, char **argv) {
   char *scriptpath, *newvar;
   const char *nextslash, *lastslash, *pathi, *ev, *ev2, *scriptdir, *av;
+  const char *const *envok;
   const char **arguments;
   size_t scriptdirlen, scriptpathlen, l;
   struct stat stab;
-  int r, nargs;
+  int i, r, nargs;
+  const char *filters= 0;
 
   ev= getenv("USERV_U_DEBUG");
   if (ev && *ev) debugmode= 1;
@@ -99,7 +102,16 @@ int main(int argc, const char **argv) {
   D( if (debugmode) printf(";;; UCGITARGET\n"); )
   if (argc > MAX_ARGS) error("too many arguments");
 
-  if (!*++argv) error("no script directory argument");
+  for (;;) {
+    i= getopt(argc, argv, "+e:"); if (i < 0) break;
+    switch (i) {
+    case 'e': filters= optarg; break;
+    default: error("bad command line"); break;
+    }
+  }
+  argc -= optind; argv += optind;
+
+  if (!*argv) error("no script directory argument");
   ev= getenv("HOME"); if (!ev) error("no HOME env. var");
   l= strlen(*argv)+strlen(ev);
   newvar= xmalloc(l+2);
@@ -107,6 +119,16 @@ int main(int argc, const char **argv) {
   scriptdir= newvar;
   scriptdirlen= strlen(scriptdir);
 
+  if (filters)
+    envok= load_filters(LOADF_MUST, filters, LF_END);
+  else {
+    envok= load_filters(0,
+			".userv/ucgitarget.env-filter",
+			"/etc/userv/ucgitarget.env-filter",
+			LF_END);
+    if (!envok) envok= default_envok;
+  }
+
   filter_environment(0, "USERV_U_E_", envok, setenvar, 0);
 
   scriptpath= 0;
-- 
[mdw]