Compare commits
No commits in common. "87fcd5a435c0fdc229be6a7606f1f76384c2b9c9" and "8f75f889505ad56660fe8924df92c5ff6d525ebc" have entirely different histories.
87fcd5a435
...
8f75f88950
3 changed files with 196 additions and 2 deletions
1
bin.c
1
bin.c
|
@ -2,6 +2,7 @@
|
||||||
* bin.c
|
* bin.c
|
||||||
* Pastes handling.
|
* Pastes handling.
|
||||||
*
|
*
|
||||||
|
*
|
||||||
* Copyright (c) 2022
|
* Copyright (c) 2022
|
||||||
* Tom MTT. <tom@heimdall.pm>
|
* Tom MTT. <tom@heimdall.pm>
|
||||||
*
|
*
|
||||||
|
|
183
feuille.1
Normal file
183
feuille.1
Normal file
|
@ -0,0 +1,183 @@
|
||||||
|
.\" Automatically generated by Pandoc 2.17.1.1
|
||||||
|
.\"
|
||||||
|
.\" Define V font for inline verbatim, using C font in formats
|
||||||
|
.\" that render this, and otherwise B font.
|
||||||
|
.ie "\f[CB]x\f[]"x" \{\
|
||||||
|
. ftr V B
|
||||||
|
. ftr VI BI
|
||||||
|
. ftr VB B
|
||||||
|
. ftr VBI BI
|
||||||
|
.\}
|
||||||
|
.el \{\
|
||||||
|
. ftr V CR
|
||||||
|
. ftr VI CI
|
||||||
|
. ftr VB CB
|
||||||
|
. ftr VBI CBI
|
||||||
|
.\}
|
||||||
|
.TH "FEUILLE" "1" "November 2022" "feuille 0.1.0" ""
|
||||||
|
.hy
|
||||||
|
.SH NAME
|
||||||
|
.PP
|
||||||
|
\f[B]feuille\f[R] - socket-based pastebin
|
||||||
|
.SH SYNOPSYS
|
||||||
|
.PP
|
||||||
|
\f[B]feuille\f[R] [-abfhiopstuUvVw]
|
||||||
|
.SH DESCRIPTION
|
||||||
|
.PP
|
||||||
|
\f[B]feuille\f[R] is a fast, dead-simple socket-based pastebin that
|
||||||
|
allows a user to send text, logs or code to your server.
|
||||||
|
It focuses on speed, code quality, and security.
|
||||||
|
.SH OPTIONS
|
||||||
|
.TP
|
||||||
|
\f[B]-a address\f[R]
|
||||||
|
Sets the address that \f[B]feuille\f[R] will listen on.
|
||||||
|
If set to \f[V]*\f[R], \f[B]feuille\f[R] will listen on the IPv6 address
|
||||||
|
\f[V]::\f[R] and enable dual-stack mode, which makes \f[B]feuille\f[R]
|
||||||
|
listen on both IPv4 and IPv6 addresses (won\[cq]t work on OpenBSD).
|
||||||
|
Default: \f[V]0.0.0.0\f[R]
|
||||||
|
.TP
|
||||||
|
\f[B]-b bytes\f[R]
|
||||||
|
Sets the buffer size (in bytes) used to receive data from a client.
|
||||||
|
A smaller buffer means more memory allocations and exchanges with the
|
||||||
|
connection, while a larger buffer induces less memory allocations but
|
||||||
|
more loss if not filled completely.
|
||||||
|
The difference is minimal, no need to worry about it.
|
||||||
|
Default: \f[V]131072\f[R]B (128KiB)
|
||||||
|
.TP
|
||||||
|
\f[B]-f\f[R]
|
||||||
|
Makes \f[B]feuille\f[R] run in the forground.
|
||||||
|
Default: runs in the background
|
||||||
|
.TP
|
||||||
|
\f[B]-h\f[R]
|
||||||
|
Displays **feuille*\[cq]s help page.
|
||||||
|
.TP
|
||||||
|
\f[B]-i length\f[R]
|
||||||
|
Sets the minimum ID length in characters.
|
||||||
|
If a paste with the same ID exists, the length will be increased (for
|
||||||
|
that paste only).
|
||||||
|
Default: \f[V]4\f[R] (Maximum: \f[V]254\f[R])
|
||||||
|
.TP
|
||||||
|
\f[B]-p port\f[R]
|
||||||
|
Sets the port that \f[B]feuille\f[R] will listen on.
|
||||||
|
Default: \f[V]8888\f[R]
|
||||||
|
.TP
|
||||||
|
\f[B]-o path\f[R]
|
||||||
|
Sets the path where \f[B]feuille\f[R] will output the pastes (and
|
||||||
|
chroot, if possible).
|
||||||
|
Default: \f[V]/var/www/htdocs/feuille\f[R]
|
||||||
|
.TP
|
||||||
|
\f[B]-s bytes\f[R]
|
||||||
|
Sets the maximum size for every paste (in bytes).
|
||||||
|
Default: 2097152B (2MiB)
|
||||||
|
.TP
|
||||||
|
\f[B]-t seconds\f[R]
|
||||||
|
Sets the timeout for the client to send the paste (in seconds).
|
||||||
|
If set to zero, no timeout is set.
|
||||||
|
(Not recommended.)
|
||||||
|
Default: \f[V]4\f[R]s
|
||||||
|
.TP
|
||||||
|
\f[B]-u\f[R]
|
||||||
|
Sets the user that will be used when dropping root privileges.
|
||||||
|
\f[B]Warning\f[R]: requires root privileges.
|
||||||
|
Default: \f[V]www\f[R]
|
||||||
|
.TP
|
||||||
|
\f[B]-U\f[R]
|
||||||
|
Sets the base URL which will be prepended to the ID and sent to the
|
||||||
|
client.
|
||||||
|
You do not need to put a slash at the end.
|
||||||
|
Default: \f[V]https://my.paste.bin\f[R]
|
||||||
|
.TP
|
||||||
|
\f[B]-v\f[R]
|
||||||
|
Enables verbose mode.
|
||||||
|
.TP
|
||||||
|
\f[B]-V\f[R]
|
||||||
|
Displays \f[B]feuille\f[R]\[cq]s version and authors.
|
||||||
|
.TP
|
||||||
|
\f[B]-w\f[R]
|
||||||
|
Sets the number of processes that will be spawned to handle the
|
||||||
|
connections.
|
||||||
|
Those are \f[I]real\f[R] processes, not green / posix threads, you might
|
||||||
|
not want to set this to a huge number.
|
||||||
|
Default: the number of threads configured on your machine.
|
||||||
|
.SH EXAMPLES
|
||||||
|
.TP
|
||||||
|
\f[B]sudo feuille\f[R]
|
||||||
|
Runs feuille in the background, chrooting into
|
||||||
|
\f[V]/var/www/htdocs/feuille\f[R], dropping root privileges and spawning
|
||||||
|
worker processes to accept incoming connections.
|
||||||
|
.TP
|
||||||
|
\f[B]feuille -p 1337\f[R]
|
||||||
|
Runs feuille in the background \f[I]without\f[R] root privileges on port
|
||||||
|
\f[V]1337\f[R].
|
||||||
|
\f[B]feuille\f[R] won\[cq]t be able to chroot or switch to another user,
|
||||||
|
and might not be able to write to the default output folder.
|
||||||
|
.TP
|
||||||
|
\f[B]feuille -P ./pastebins/\f[R]
|
||||||
|
Same as before, but this time with a different path:
|
||||||
|
\f[V]./pastebins/\f[R].
|
||||||
|
If the folder doesn\[cq]t exist, it is created with the right
|
||||||
|
permissions.
|
||||||
|
.TP
|
||||||
|
\f[B]sudo feuille -U \[lq]https://bin.heimdall.pm\[rq]\f[R]
|
||||||
|
Runs feuille and sets the base address to
|
||||||
|
\f[V]https://bin.heimdall.pm\f[R].
|
||||||
|
.TP
|
||||||
|
\f[B]sudo feuille -w 1\f[R]
|
||||||
|
Runs feuille \[lq]single-threaded\[rq].
|
||||||
|
(Actually, there\[cq]s a main thread that does nothing and a thread that
|
||||||
|
does the actual work.)
|
||||||
|
.TP
|
||||||
|
\f[B]sudo feuille -fvP debug_pastes/\f[R]
|
||||||
|
Runs feuille in the foreground, with verbose mode enabled, and makes it
|
||||||
|
output its pastes to the \f[V]debug_pastes/\f[R] folder.
|
||||||
|
Useful for debugging purposes.
|
||||||
|
.TP
|
||||||
|
\f[B]sudo feuille -u nobody\f[R]
|
||||||
|
Runs feuille using the user \f[V]nobody\f[R], instead of user
|
||||||
|
\f[V]www\f[R].
|
||||||
|
.TP
|
||||||
|
\f[B]sudo feuille -s 8388608\f[R]
|
||||||
|
Runs feuille with a maximum file size of 8388608 bytes (8MiB).
|
||||||
|
.TP
|
||||||
|
\f[B]sudo feuille -t 2\f[R]
|
||||||
|
Runs feuille with a timeout of 2 seconds.
|
||||||
|
.SH LOGS
|
||||||
|
.PP
|
||||||
|
By default, \f[B]feuille\f[R] runs in the background.
|
||||||
|
The logs should be located at \f[V]/var/log/messages\f[R], if using a
|
||||||
|
standard syslog daemon.
|
||||||
|
\f[B]feuille\f[R] doesn\[cq]t log much, be ready to use the verbose mode
|
||||||
|
for debugging purposes.
|
||||||
|
.SH EXIT VALUES
|
||||||
|
.TP
|
||||||
|
\f[B]0\f[R]
|
||||||
|
Success
|
||||||
|
.TP
|
||||||
|
\f[B]1\f[R]
|
||||||
|
Unspecified error
|
||||||
|
.TP
|
||||||
|
\f[B]34\f[R]
|
||||||
|
Specified number is out of range
|
||||||
|
.TP
|
||||||
|
\f[B]Other\f[R]
|
||||||
|
Error has been set by a C function
|
||||||
|
.SH BUGS
|
||||||
|
.PP
|
||||||
|
IPs aren\[cq]t logged.
|
||||||
|
It\[cq]s not a bug, it\[cq]s a feature.
|
||||||
|
.PP
|
||||||
|
Apart from that, none at the moment, as far as I know.
|
||||||
|
.SH COPYRIGHT
|
||||||
|
.PP
|
||||||
|
Copyright \[co] 2022 Tom MTT.
|
||||||
|
<tom@heimdall.pm> This program is free software, licensed under the
|
||||||
|
3-Clause BSD License.
|
||||||
|
See LICENSE for more information.
|
||||||
|
.SH APPENDICES
|
||||||
|
.PP
|
||||||
|
Heavily inspired by fiche (https://github.com/solusipse/fiche).
|
||||||
|
.PP
|
||||||
|
I entirely \[lq]rewrote\[rq] fiche from scratch because I wasn\[cq]t
|
||||||
|
happy with some of its features and its overall code quality.
|
||||||
|
.SH AUTHORS
|
||||||
|
Tom MTT. <tom@heimdall.pm>.
|
14
feuille.c
14
feuille.c
|
@ -83,6 +83,11 @@ void version(void)
|
||||||
*/
|
*/
|
||||||
int main(int argc, char *argv[])
|
int main(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
|
/* pledge stage 1 */
|
||||||
|
#ifdef __OpenBSD__
|
||||||
|
pledge("stdio rpath wpath cpath inet chown getpw proc id", "stdio wpath inet");
|
||||||
|
#endif
|
||||||
|
|
||||||
/* locale */
|
/* locale */
|
||||||
setlocale(LC_ALL, "");
|
setlocale(LC_ALL, "");
|
||||||
|
|
||||||
|
@ -292,9 +297,9 @@ int main(int argc, char *argv[])
|
||||||
freopen("/dev/null", "w", stderr);
|
freopen("/dev/null", "w", stderr);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* OpenBSD-only security measures */
|
/* pledge stage 2 */
|
||||||
#ifdef __OpenBSD__
|
#ifdef __OpenBSD__
|
||||||
pledge("stdio proc inet", "stdio wpath inet");
|
pledge("stdio proc inet", NULL);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* create a thread pool for incoming connections */
|
/* create a thread pool for incoming connections */
|
||||||
|
@ -379,6 +384,11 @@ int main(int argc, char *argv[])
|
||||||
die(errno, "Could not initialize worker n. %d: %s\n", i, strerror(errno));
|
die(errno, "Could not initialize worker n. %d: %s\n", i, strerror(errno));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* pledge stage 3 */
|
||||||
|
#ifdef __OpenBSD__
|
||||||
|
pledge("stdio", NULL);
|
||||||
|
#endif
|
||||||
|
|
||||||
sleep(1);
|
sleep(1);
|
||||||
|
|
||||||
verbose(1, "all workers have been initialized.");
|
verbose(1, "all workers have been initialized.");
|
||||||
|
|
Reference in a new issue