diff --git a/go.mod b/go.mod index 1fc38aa..de55a28 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/qbit/gavin +module suah.dev/gavin go 1.13 diff --git a/main.go b/main.go index 84f28a6..c7226ab 100644 --- a/main.go +++ b/main.go @@ -11,16 +11,16 @@ import ( "path/filepath" "time" - "github.com/qbit/gavin/pu" "golang.org/x/crypto/bcrypt" "golang.org/x/net/webdav" + "suah.dev/gavin/pu" ) var ( davDir string listen string passPath string - prefix string + davPath string staticDir string users map[string]string ) @@ -29,20 +29,21 @@ func init() { users = make(map[string]string) dir, err := filepath.Abs(filepath.Dir(os.Args[0])) if err != nil { - log.Fatalln(err); + log.Fatalln(err) } flag.StringVar(&davDir, "davdir", dir, "Directory to serve over WebDAV.") flag.StringVar(&listen, "http", ":8080", "Listen on") flag.StringVar(&passPath, "htpass", fmt.Sprintf("%s/.htpasswd", dir), "Path to .htpasswd file..") - flag.StringVar(&prefix, "prefix", "/dav/", "Prefix to serve davdir from.") - flag.StringVar(&staticDir, "static", dir, "Directory to serve static resources from.") + flag.StringVar(&davPath, "davpath", "/dav/", "Directory containing files to serve over WebDAV.") + flag.StringVar(&staticDir, "static", dir, "Directory to serve static resources from. Served at '/'.") flag.Parse() - pu.U(staticDir, "r") - pu.U(passPath, "r") - pu.U(davDir, "rwc") - err = pu.UBlock() + // These are OpenBSD specific protections used to prevent un-necesary file access. + pu.Unveil(staticDir, "r") + pu.Unveil(passPath, "r") + pu.Unveil(davDir, "rwc") + err = pu.UnveilBlock() if err != nil { log.Fatal(err) } @@ -81,7 +82,7 @@ func validate(user string, pass string) bool { func main() { wdav := &webdav.Handler{ - Prefix: prefix, + Prefix: davPath, LockSystem: webdav.NewMemLS(), FileSystem: webdav.Dir(davDir), Logger: func(r *http.Request, err error) { @@ -99,7 +100,7 @@ func main() { mux := http.NewServeMux() mux.Handle("/", http.FileServer(http.Dir(staticDir))) - mux.HandleFunc(prefix, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + mux.HandleFunc(davPath, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { user, pass, ok := r.BasicAuth() if !(ok && validate(user, pass)) { w.Header().Set("WWW-Authenticate", `Basic realm="davfs"`) diff --git a/pu/pu.go b/pu/pu.go index c5b008f..7d24179 100644 --- a/pu/pu.go +++ b/pu/pu.go @@ -4,10 +4,14 @@ package pu import "fmt" -func U(path string, perms string) { - fmt.Printf("WARNING: no unveil (%s, %s)\n", path, perms) -} - -func UBlock() error { +func Pledge(promisess string) { + return nil +} + +func Unveil(path string, perms string) { + return nil +} + +func UnveilBlock() error { return nil } diff --git a/pu/pu_openbsd.go b/pu/pu_openbsd.go index 4b18e2d..42af282 100644 --- a/pu/pu_openbsd.go +++ b/pu/pu_openbsd.go @@ -6,10 +6,14 @@ import ( "golang.org/x/sys/unix" ) -func U(path string, perms string) { +func Pledge(promises string) { + unix.PledgePromises(promises) +} + +func Unveil(path string, perms string) { unix.Unveil(path, perms) } -func UBlock() error { +func UnveilBlock() error { return unix.UnveilBlock() }