-
Notifications
You must be signed in to change notification settings - Fork 0
/
scorpiond.doc
155 lines (112 loc) · 6.03 KB
/
scorpiond.doc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
(NOTE: This program is not fully tested and may be incomplete.)
=== Configuration ===
Edit the scorpiond.config file and recompile to change the configuration.
Any one marked * below means mandatory; the others are optional and can be
commented out if they are not to be used.
Note: Where MIME types and ULFI types are expected, they are only allowed
to consist of ASCII characters 0x21 to 0x7E; spaces are not allowed.
CONFIG_MAINTENANCE
If defined, the server always responds with an error message. This must
start with 41 and then a space and then the number of seconds (or ? if
it is unknown) and then a space and the error message and then "\r\n".
Leave this undefined for normal operation.
CONFIG_MAX_REQUEST *
The maximum length of a request. Must be less than 0xFFFF.
CONFIG_MAX_NAME *
The maximum length of a file name. Must be less than CONFIG_MAX_REQUEST.
CONFIG_ROOT *
The root directory where the files are stored. This directory must
contain subdirectories whose names are the domain names of the sites
to be served. (The port number is ignored.)
CONFIG_TIMELIMIT
The time limit, in seconds. If undefined, there is no time limit.
CONFIG_UNEXPECTED_ERROR_TIME *
A string literal specifying the minimum number of seconds that the client
should wait in case of a 4x error; use "?" if it is unknown.
CONFIG_DEFAULT_MIMETYPE *
The default MIME type or ULFI type for files whose type is unknown.
CONFIG_DEFAULT_FILENAME
If defined, the default file name to use when no file name is specified.
If the file does not exist, it will be a directory listing, if enabled.
CONFIG_DIRLIST
If defined, then directory listings are allowed.
CONFIG_FILENAME_CHARSET *
The character set for file names, according to the Scorpion file format
(e.g. use 0x10 for PC character set). (This is only relevant if
CONFIG_DIRLIST is also defined; otherwise it is meaningless.)
CONFIG_SAFE_FILENAMES
If defined, then disallows some characters in file names (whitelisting).
CONFIG_ALLOW_CGI
If defined, then it is allowed to execute other programs. If not defined,
then the execute permissions are ignored.
CONFIG_CANCEL_ALARM
If defined, then any time limit that has been set by CONFIG_TIMELIMIT
will be removed before calling an external program.
CONFIG_FILEMODE_ACCESS *
The file modes needed for a client to be able to access a file. For
example, set it to (S_IRGRP|S_IROTH) if group and other must be able to
read it. All bits in the mask must be set to permit access. If this is
zero then it does not check. This applies to all files and directories,
whether or not they are executable.
CONFIG_FILEMODE_EXECUTE *
The file modes needed for a client to be able to make the server to
execute a file. For example, set it to (S_IXGRP|S_IXOTH) if group and
other must be able to execute it. All bits in the mask must be set to
execute the file, otherwise it will send the contents of the file to
the client. (This is only required if CONFIG_ALLOW_CGI is defined.)
CONFIG_USER_DIR
The name of a subdirectory of user directories which contains files for
making available by internet.
CONFIG_ALLOW_USER_CGI
If CONFIG_USER_DIR, CONFIG_ALLOW_USER_CGI, and CONFIG_ALLOW_CGI are all
defined, then it is also allowed to execute CGI programs from user
directories; otherwise, CGI programs cannot be executed from user
directories (attempting to do so always results in a 50 error if
CONFIG_ALLOW_CGI is defined but not CONFIG_ALLOW_USER_CGI).
CONFIG_ALLOW_SOCKET
If the requested file is a socket, then defining this allows the Scorpion
server to connect to the socket if it is requested. That socket must
already be listening, otherwise the connection will fail.
CONFIG_ALLOW_USER_SOCKET
If CONFIG_USER_DIR, CONFIG_ALLOW_USER_SOCKET, and CONFIG_ALLOW_SOCKET
are all defined, then it is also allowed to connect to sockets in user
directories. This might be safer than allowing CGI in user directories
since it will not run the user program with the same privileges as the
rest of the Scorpion server, although it requires that the user is able
to run background programs.
CONFIG_BUF_SIZE
Maximum buffer size (in bytes) for transfering data between sockets.
CONFIG_LOG_FILE
If defined, enable logging to the specified file. This must be a file
that scorpiond has permission to write to.
mimetypes *
An array of the file types. Each element is a structure of two elements,
the first being the last part of the file name after the "." (which it
must be sorted by) and the second being the MIME or ULFI type.
=== Usage ===
Call the program by xinetd. You can optionally specify one argument; if it
is specified then it is used instead of CONFIG_ROOT. If it is omitted, then
CONFIG_ROOT is used. See CONFIG_ROOT for what it must contain.
These directories can then contain any files. If the file name begins with
.. then it cannot be accessed.
If a file is executable then it will be executed, with the full request as
its first argument, and only the part after the file name as its second
argument; it must write the header line and all data to stdout, according
to the Scorpion protocol.
If the requested file is a socket, then it connects to the socket, and
sends four counted strings, each of which is prefixed by a big-endian
32-bit length: the part of the request up to and including the file name,
the part of the request after the file name, the client IP address, and the
client certificate (which will be empty if there is no client certificate).
After that, it communicates directly with the service, both ways.
=== Not implemented ===
So far, the following features are not implemented yet:
* TLS and client certificates
* MIME/ULFI overrides per file or directory
* EUC file names (only relevant for making directory listings)
* Uploading files to the server, and versioned files
* Rate limiting
* Version 6 IP addresses in URLs
Some of the above features can be implemented by external programs,
althouigh not all of them can be. Some might be better to be implemented
within scorpiond itself. Some might be possible with options of xinetd.