| Commit message (Collapse) | Author | Age |
... | |
| |
| |
| |
| |
| |
| |
| | |
Some of the merged branch introduced new functions with the { on the
next line. Fix them.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
|
| |
| |
| |
| |
| |
| |
| |
| | |
It's simply wrong for the ucgi machinery to report status 200 OK when it
encounters trouble (e.g., the CGI program doesn't actually exist).
So report a useful status code as part of `error' or `syserror'. We
assume that the latter is always a server-side error; the former might
be either, so we must annotate each call as appropriate.
|
| | |
|
| |
| |
| |
| |
| | |
Makes the code a bit easier to follow, and prepares the ground for the
next change.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The `SSL_*' variables are used to pass information about SSL or TLS,
including the cipher suite in use, and the status of client
authentication.
The `REDIRECT_*' variables are used to pass information about a failed
request to a CGI script run as an Apache `ErrorDocument' or similar.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Sites can now configure `ucgi's environment filters, and end users can
configure `ucgitarget's filters.
By default, `ucgi' will look in `/etc/userv/ucgi.env-filter', but if
`UCGI_ENV_FILTER' is set in its environment, it will look there
instead. The filter may contain wildcards and so on.
By default, `ucgitarget' looks in `.userv/ucgitarget.env-filter', or
`/etc/userv/ucgitarget.env-filter', if the former doesn't exist; but if
passed a `-e FILTER' option on its command line, it will look in the
file FILTER instead. This filter may /not/ contain wildcards.
In both cases, if an explicitly named filter file can't be found then
the program fails; if the default filter files can't be found then they
fall back to built-in lists.
The reason for the asymmetry in interfaces is: it's hard to pass
command-line options to CGI scripts from webservers, but pretty easy to
set environment variables; whereas it's hard to pass environment
variables to a service program in a Userv configuration file, but easy
to pass command-line arguments.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There's no great need for `ucgi' to have a fierce whitelist of
environment variables to be passed to the service. We'll assume that
the webserver hasn't put any critical secrets in its environment with
unfortunate names; and the service shouldn't put any trust in the
caller's filtering anyway. If the webserver end takes a more relaxed
approach, we can leave questions of policy regarding environment
filtering largely up to the service -- which is the bit that users
actually have some control over.
To this end, therefore, move the main whitelist to `ucgitarget.c', and
put small list, containing some wildcard patterns, in `ucgi.c'.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rather than have a different loop in each program which trundles through
a filter list picking up environment variables and doing things to the
ones that match, invent a new function `filter_environment' which does
the job, with extra steroids.
The new function works the other way around: it iterates over the
environment, comparing each variable to the filter list. It also
supports some simple prefix-matching (`*' suffix) and blacklisting (`!'
prefix) operations.
Some new limits are introduced, on the maximum length of an environment
variable name, and the total number of variables accepted by `ucgi':
this is because these are no longer limited implicitly by the whitelist,
since it may contain wildcards and suchlike.
|
| |
| |
| |
| |
| | |
Move the state for building the command line into a structure, and
introduce a function for adding an argument. We'll want this later.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The trace goes to standard output, and only happens when debugging is
turned on, both operationally (e.g., though the `ucgi-debug' link or
USERV_U_DEBUG variable) and at compile time (with the DEBUG macro, which
you can set, e.g., with `make DEBUG="-g -DDEBUG"'.
Trace output lines start with `;;'.
I'll be grateful for this when I start shaking things up.
|
| |
| |
| |
| | |
Both programs will want it soon enough.
|
| |
| |
| |
| |
| | |
There's nothing useful in `errno'. Let's not end up saying `Success'
here.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
- no longer guard with calls to id, as adduser --quiet is idempotent
- pass --shell /bin/false and --no-create-home
|
| |
| |
| |
| | |
to userv-dyndns.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
Output is now identical except that:
* changelog.Debian.gz -> changelog.gz symlink no longer present
* DEBIAN/md5sums now _is_ present
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| | |
login.chiark.greenend.org.uk:/home/ian/public-git/userv-utils
|
| | |
|
| | |
|
| | |
|
| | |
|