
Sheldon Director

A Gemini Server written in Rust.

Features

This can't do much right now besides hosting some static files. In fact, the feature set happens to be limited to what I need to host my own Gemini page. Coincidence?

More is to come however. Specifically I'd want to add CGI support. And maybe reverse proxy support as well, depending on how much stuff I'll be hosting over Gemini.

Platform Support

This currently only works on Unix platforms as setuid and setgid system calls are used to drop the privilege level after initialization. Currently there is no way to disable this. Of course, Gemini's default port (1965) can be opened in user-mode, but not changing the user after startup would retain read permissions to the private key.

Building

Set up a Cargo build environment, then simply run

cargo build

to create a debug build or

cargo build --release

to create a release build.

Starting

Sheldon Director looks for a config file in /etc/sheldond.conf. If you want to change this, pass an alternative path on startup using the -c parameter. Use -h to get a list of all supported command line arguments.

You'll need a TLS certificate; I've chosen not to include an example in this repository. Use OpenSSL to quickly generate one:

openssl req -x509 -newkey rsa:4096 -keyout doc/key.pem -out doc/cert.pem -days 365 -nodes

An example config file can be found in this repository in doc/sheldond.conf. Use it to serve the content of the doc/ directory on localhost:

sudo ./target/debug/sheldond -c ./doc/sheldond.conf

Try connecting to gemini://localhost via your favorite Gemini client!

Note: This sets the user to nobody and the group to nobody as well. This naming scheme is not consistent for all Unix systems... Try changing the group name to nogroup if the software fails to start.

Testing

As you may have spotted, I did not get around to writing a test suite for this. The server's behavior can be tested using the gemini-diagnostics suite by michael-lazar. It passes all "important" tests (some malformed requests are still handled). Most importantly: the URLDotEscape test fails. This does not mean you can successfully perform a URL escape attack against this; rather, the URL library I use already parses out any superfluous ..'s. E.g. "localhost/../../../etc/passwd" has already become "localhost/etc/passwd" by the time I receive the parsed URL from the library.
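A defense-in-depth check for the traversal case above, as an added example that is not part of Sheldon Director's code: it maps a request path onto a document root without relying on the URL library's dot-segment handling, and also refuses percent-encoded `..` segments. The names `percent_decode` and `resolve` and the root `/srv/gemini` are assumptions made for illustration.

```rust
use std::path::{Component, Path, PathBuf};

/// Decode %XX escapes; None on a malformed escape or invalid UTF-8.
fn percent_decode(s: &str) -> Option<String> {
    let b = s.as_bytes();
    let mut out = Vec::with_capacity(b.len());
    let mut i = 0;
    while i < b.len() {
        if b[i] == b'%' {
            // get() also fails on a truncated escape or a non-ASCII boundary.
            let hex = s.get(i + 1..i + 3)?;
            if !hex.bytes().all(|c| c.is_ascii_hexdigit()) {
                return None;
            }
            out.push(u8::from_str_radix(hex, 16).ok()?);
            i += 3;
        } else {
            out.push(b[i]);
            i += 1;
        }
    }
    String::from_utf8(out).ok()
}

/// Map a request path to a file below `root`; None means refuse the request.
fn resolve(root: &Path, url_path: &str) -> Option<PathBuf> {
    let decoded = percent_decode(url_path)?;
    if decoded.contains('\0') {
        return None;
    }
    let mut full = root.to_path_buf();
    for part in Path::new(decoded.trim_start_matches('/')).components() {
        match part {
            Component::Normal(seg) => full.push(seg),
            Component::CurDir => {}
            // ParentDir, RootDir or Prefix would step outside `root`.
            _ => return None,
        }
    }
    Some(full)
}

fn main() {
    let root = Path::new("/srv/gemini"); // constructed document root
    for p in &["/etc/passwd", "/../../../etc/passwd", "/%2e%2e/etc/passwd"] {
        println!("{:<24} -> {:?}", p, resolve(root, p));
    }
}
```

This check is purely lexical: a symlink inside the document root can still point outside it, which only comparing the canonicalized path against the root would catch.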

Why "Sheldon Director"?

Because it is the real name of that villain in Kim Possible who went by the pseudonym "Gemini". (https://kimpossible.fandom.com/wiki/Gemini)

Though you are free to imagine the shortened name stands for Sheldon Daemon. But in that case you'll have to come up with your own explanation.