1997-09-11 06:17:16 +04:00
/*
some simple CGI helper routines
1998-01-22 16:27:43 +03:00
Copyright ( C ) Andrew Tridgell 1997 - 1998
1997-09-11 06:17:16 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
1997-09-11 06:17:16 +04:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
1997-09-11 06:17:16 +04:00
*/
1998-03-10 07:56:58 +03:00
# include "includes.h"
2004-10-07 08:01:18 +04:00
# include "web/swat_proto.h"
1997-09-11 06:17:16 +04:00
1997-11-22 10:51:23 +03:00
# define MAX_VARIABLES 10000
1998-03-10 07:56:58 +03:00
/* set the expiry on fixed pages */
# define EXPIRY_TIME (60*60*24*7)
1997-11-22 10:51:23 +03:00
# ifdef DEBUG_COMMENTS
extern void print_title ( char * fmt , . . . ) ;
# endif
1997-09-11 06:17:16 +04:00
2005-01-06 22:32:39 +03:00
struct cgi_var {
1997-09-11 06:17:16 +04:00
char * name ;
char * value ;
} ;
2005-01-06 22:32:39 +03:00
static struct cgi_var variables [ MAX_VARIABLES ] ;
1997-09-11 06:17:16 +04:00
static int num_variables ;
1997-11-22 10:51:23 +03:00
static int content_length ;
static int request_post ;
static char * query_string ;
2003-01-03 11:28:12 +03:00
static const char * baseurl ;
1998-03-14 07:13:24 +03:00
static char * pathinfo ;
1998-11-12 00:37:44 +03:00
static char * C_user ;
2007-10-19 04:40:25 +04:00
static bool inetd_server ;
static bool got_request ;
1997-11-22 10:51:23 +03:00
static char * grab_line ( FILE * f , int * cl )
1997-09-11 06:17:16 +04:00
{
2001-08-08 20:54:16 +04:00
char * ret = NULL ;
1997-09-11 06:17:16 +04:00
int i = 0 ;
2001-08-12 13:18:31 +04:00
int len = 0 ;
1997-11-22 10:51:23 +03:00
1997-09-11 06:17:16 +04:00
while ( ( * cl ) ) {
2001-08-08 20:54:16 +04:00
int c ;
if ( i = = len ) {
char * ret2 ;
if ( len = = 0 ) len = 1024 ;
else len * = 2 ;
r13915: Fixed a very interesting class of realloc() bugs found by Coverity.
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2006-03-07 09:31:04 +03:00
ret2 = ( char * ) SMB_REALLOC_KEEP_OLD_ON_ERROR ( ret , len ) ;
2001-08-08 20:54:16 +04:00
if ( ! ret2 ) return ret ;
ret = ret2 ;
}
c = fgetc ( f ) ;
1997-09-11 06:17:16 +04:00
( * cl ) - - ;
if ( c = = EOF ) {
( * cl ) = 0 ;
break ;
}
if ( c = = ' \r ' ) continue ;
2001-07-04 11:36:09 +04:00
if ( strchr_m ( " \n & " , c ) ) break ;
1997-09-11 06:17:16 +04:00
1997-11-22 10:51:23 +03:00
ret [ i + + ] = c ;
1997-09-11 06:17:16 +04:00
}
2006-08-28 08:55:05 +04:00
if ( ret ) {
ret [ i ] = 0 ;
}
1997-11-22 10:51:23 +03:00
return ret ;
1997-09-11 06:17:16 +04:00
}
2003-12-25 12:37:41 +03:00
/**
URL encoded strings can have a ' + ' , which should be replaced with a space
( This was in rfc1738_unescape ( ) , but that broke the squid helper )
* */
2004-02-08 11:38:42 +03:00
static void plus_to_space_unescape ( char * buf )
2003-12-25 12:37:41 +03:00
{
char * p = buf ;
while ( ( p = strchr_m ( p , ' + ' ) ) )
* p = ' ' ;
}
1997-09-11 06:17:16 +04:00
/***************************************************************************
1997-11-22 10:51:23 +03:00
load all the variables passed to the CGI program . May have multiple variables
with the same name and the same or different values . Takes a file parameter
for simulating CGI invocation eg loading saved preferences .
1997-09-11 06:17:16 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2001-09-24 08:49:14 +04:00
void cgi_load_variables ( void )
1997-09-11 06:17:16 +04:00
{
1997-11-22 10:51:23 +03:00
static char * line ;
char * p , * s , * tok ;
2001-09-24 08:49:14 +04:00
int len , i ;
FILE * f = stdin ;
1997-09-11 06:17:16 +04:00
1997-11-22 10:51:23 +03:00
# ifdef DEBUG_COMMENTS
char dummy [ 100 ] = " " ;
print_title ( dummy ) ;
2001-10-14 16:10:29 +04:00
d_printf ( " <!== Start dump in cgi_load_variables() %s ==> \n " , __FILE__ ) ;
1997-11-22 10:51:23 +03:00
# endif
1997-09-11 06:17:16 +04:00
2001-09-24 08:49:14 +04:00
if ( ! content_length ) {
p = getenv ( " CONTENT_LENGTH " ) ;
len = p ? atoi ( p ) : 0 ;
1997-11-22 10:51:23 +03:00
} else {
2001-09-24 08:49:14 +04:00
len = content_length ;
1997-11-22 10:51:23 +03:00
}
1997-09-11 06:17:16 +04:00
1997-11-22 10:51:23 +03:00
if ( len > 0 & &
2001-09-24 08:49:14 +04:00
( request_post | |
1997-11-22 10:51:23 +03:00
( ( s = getenv ( " REQUEST_METHOD " ) ) & &
2003-10-23 03:38:20 +04:00
strequal ( s , " POST " ) ) ) ) {
1997-11-22 10:51:23 +03:00
while ( len & & ( line = grab_line ( f , & len ) ) ) {
2001-07-04 11:36:09 +04:00
p = strchr_m ( line , ' = ' ) ;
1997-11-22 10:51:23 +03:00
if ( ! p ) continue ;
* p = 0 ;
2004-12-07 21:25:53 +03:00
variables [ num_variables ] . name = SMB_STRDUP ( line ) ;
variables [ num_variables ] . value = SMB_STRDUP ( p + 1 ) ;
1997-09-11 06:17:16 +04:00
2001-09-17 15:48:29 +04:00
SAFE_FREE ( line ) ;
1997-11-22 10:51:23 +03:00
if ( ! variables [ num_variables ] . name | |
! variables [ num_variables ] . value )
continue ;
1997-09-11 06:17:16 +04:00
2003-12-25 12:37:41 +03:00
plus_to_space_unescape ( variables [ num_variables ] . value ) ;
2003-01-15 21:57:41 +03:00
rfc1738_unescape ( variables [ num_variables ] . value ) ;
2003-12-25 12:37:41 +03:00
plus_to_space_unescape ( variables [ num_variables ] . name ) ;
2003-01-15 21:57:41 +03:00
rfc1738_unescape ( variables [ num_variables ] . name ) ;
1997-09-11 06:17:16 +04:00
1997-11-22 10:51:23 +03:00
# ifdef DEBUG_COMMENTS
printf ( " <!== POST var %s has value \" %s \" ==> \n " ,
variables [ num_variables ] . name ,
variables [ num_variables ] . value ) ;
1997-09-11 06:17:16 +04:00
# endif
1997-11-22 10:51:23 +03:00
num_variables + + ;
if ( num_variables = = MAX_VARIABLES ) break ;
}
}
1997-09-11 06:17:16 +04:00
fclose ( stdin ) ;
2000-04-11 11:14:12 +04:00
open ( " /dev/null " , O_RDWR ) ;
1997-11-22 10:51:23 +03:00
if ( ( s = query_string ) | | ( s = getenv ( " QUERY_STRING " ) ) ) {
for ( tok = strtok ( s , " &; " ) ; tok ; tok = strtok ( NULL , " &; " ) ) {
2001-07-04 11:36:09 +04:00
p = strchr_m ( tok , ' = ' ) ;
1997-11-22 10:51:23 +03:00
if ( ! p ) continue ;
* p = 0 ;
2004-12-07 21:25:53 +03:00
variables [ num_variables ] . name = SMB_STRDUP ( tok ) ;
variables [ num_variables ] . value = SMB_STRDUP ( p + 1 ) ;
1997-11-22 10:51:23 +03:00
if ( ! variables [ num_variables ] . name | |
! variables [ num_variables ] . value )
continue ;
2003-12-25 12:37:41 +03:00
plus_to_space_unescape ( variables [ num_variables ] . value ) ;
2003-01-15 21:57:41 +03:00
rfc1738_unescape ( variables [ num_variables ] . value ) ;
2003-12-25 12:37:41 +03:00
plus_to_space_unescape ( variables [ num_variables ] . name ) ;
2003-01-15 21:57:41 +03:00
rfc1738_unescape ( variables [ num_variables ] . name ) ;
1997-11-22 10:51:23 +03:00
# ifdef DEBUG_COMMENTS
printf ( " <!== Commandline var %s has value \" %s \" ==> \n " ,
variables [ num_variables ] . name ,
variables [ num_variables ] . value ) ;
# endif
num_variables + + ;
if ( num_variables = = MAX_VARIABLES ) break ;
}
}
# ifdef DEBUG_COMMENTS
printf ( " <!== End dump in cgi_load_variables() ==> \n " ) ;
# endif
2001-09-24 08:49:14 +04:00
2004-10-02 02:24:44 +04:00
/* variables from the client are in UTF-8 - convert them
to our internal unix charset before use */
2001-09-24 08:49:14 +04:00
for ( i = 0 ; i < num_variables ; i + + ) {
pstring dest ;
2004-10-02 02:24:44 +04:00
convert_string ( CH_UTF8 , CH_UNIX ,
2001-09-24 10:24:14 +04:00
variables [ i ] . name , - 1 ,
2004-03-12 01:48:24 +03:00
dest , sizeof ( dest ) , True ) ;
2001-09-24 08:49:14 +04:00
free ( variables [ i ] . name ) ;
2004-12-07 21:25:53 +03:00
variables [ i ] . name = SMB_STRDUP ( dest ) ;
2001-09-24 08:49:14 +04:00
2004-10-02 02:24:44 +04:00
convert_string ( CH_UTF8 , CH_UNIX ,
2001-09-24 10:24:14 +04:00
variables [ i ] . value , - 1 ,
2004-03-12 01:48:24 +03:00
dest , sizeof ( dest ) , True ) ;
2001-09-24 08:49:14 +04:00
free ( variables [ i ] . value ) ;
2004-12-07 21:25:53 +03:00
variables [ i ] . value = SMB_STRDUP ( dest ) ;
2001-09-24 08:49:14 +04:00
}
1997-09-11 06:17:16 +04:00
}
/***************************************************************************
find a variable passed via CGI
1997-11-22 10:51:23 +03:00
Doesn ' t quite do what you think in the case of POST text variables , because
if they exist they might have a value of " " or even " " , depending on the
browser . Also doesn ' t allow for variables [ ] containing multiple variables
with the same name and the same or different values .
1997-09-11 06:17:16 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2006-06-20 23:21:14 +04:00
2003-01-03 11:28:12 +03:00
const char * cgi_variable ( const char * name )
1997-09-11 06:17:16 +04:00
{
int i ;
for ( i = 0 ; i < num_variables ; i + + )
if ( strcmp ( variables [ i ] . name , name ) = = 0 )
return variables [ i ] . value ;
return NULL ;
}
2006-06-20 23:21:14 +04:00
/***************************************************************************
Version of the above that can ' t return a NULL pointer .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
const char * cgi_variable_nonull ( const char * name )
{
const char * var = cgi_variable ( name ) ;
if ( var ) {
return var ;
} else {
return " " ;
}
}
1997-11-22 10:51:23 +03:00
/***************************************************************************
tell a browser about a fatal error in the http processing
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2003-01-03 11:28:12 +03:00
static void cgi_setup_error ( const char * err , const char * header , const char * info )
1997-11-22 10:51:23 +03:00
{
1998-11-21 04:41:14 +03:00
if ( ! got_request ) {
/* damn browsers don't like getting cut off before they give a request */
char line [ 1024 ] ;
while ( fgets ( line , sizeof ( line ) - 1 , stdin ) ) {
2003-10-23 03:38:20 +04:00
if ( strnequal ( line , " GET " , 4 ) | |
strnequal ( line , " POST " , 5 ) | |
strnequal ( line , " PUT " , 4 ) ) {
1998-11-21 04:41:14 +03:00
break ;
}
}
}
2001-10-14 16:10:29 +04:00
d_printf ( " HTTP/1.0 %s \r \n %sConnection: close \r \n Content-Type: text/html \r \n \r \n <HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>%s</H1>%s<p></BODY></HTML> \r \n \r \n " , err , header , err , err , info ) ;
1998-11-21 04:41:14 +03:00
fclose ( stdin ) ;
fclose ( stdout ) ;
1997-11-22 10:51:23 +03:00
exit ( 0 ) ;
}
1998-11-14 05:10:55 +03:00
/***************************************************************************
tell a browser about a fatal authentication error
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static void cgi_auth_error ( void )
{
if ( inetd_server ) {
cgi_setup_error ( " 401 Authorization Required " ,
" WWW-Authenticate: Basic realm= \" SWAT \" \r \n " ,
" You must be authenticated to use this service " ) ;
} else {
printf ( " Content-Type: text/html \r \n " ) ;
printf ( " \r \n <HTML><HEAD><TITLE>SWAT</TITLE></HEAD> \n " ) ;
printf ( " <BODY><H1>Installation Error</H1> \n " ) ;
printf ( " SWAT must be installed via inetd. It cannot be run as a CGI script<p> \n " ) ;
printf ( " </BODY></HTML> \r \n " ) ;
}
exit ( 0 ) ;
}
2001-05-17 15:45:58 +04:00
/***************************************************************************
authenticate when we are running as a CGI
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static void cgi_web_auth ( void )
{
2003-01-03 11:28:12 +03:00
const char * user = getenv ( " REMOTE_USER " ) ;
2001-05-17 15:45:58 +04:00
struct passwd * pwd ;
2003-01-03 11:28:12 +03:00
const char * head = " Content-Type: text/html \r \n \r \n <HTML><BODY><H1>SWAT installation Error</H1> \n " ;
const char * tail = " </BODY></HTML> \r \n " ;
2001-05-17 15:45:58 +04:00
if ( ! user ) {
printf ( " %sREMOTE_USER not set. Not authenticated by web server.<br>%s \n " ,
head , tail ) ;
exit ( 0 ) ;
}
2006-02-04 01:19:41 +03:00
pwd = getpwnam_alloc ( NULL , user ) ;
2001-05-17 15:45:58 +04:00
if ( ! pwd ) {
printf ( " %sCannot find user %s<br>%s \n " , head , user , tail ) ;
exit ( 0 ) ;
}
setuid ( 0 ) ;
setuid ( pwd - > pw_uid ) ;
if ( geteuid ( ) ! = pwd - > pw_uid | | getuid ( ) ! = pwd - > pw_uid ) {
printf ( " %sFailed to become user %s - uid=%d/%d<br>%s \n " ,
head , user , ( int ) geteuid ( ) , ( int ) getuid ( ) , tail ) ;
exit ( 0 ) ;
}
2006-02-20 20:59:58 +03:00
TALLOC_FREE ( pwd ) ;
2001-05-17 15:45:58 +04:00
}
1998-11-14 05:10:55 +03:00
1997-11-22 10:51:23 +03:00
/***************************************************************************
handle a http authentication line
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-10-19 04:40:25 +04:00
static bool cgi_handle_authorization ( char * line )
1997-11-22 10:51:23 +03:00
{
2003-02-01 10:27:01 +03:00
char * p ;
fstring user , user_pass ;
1999-12-13 16:27:58 +03:00
struct passwd * pass = NULL ;
1997-11-22 10:51:23 +03:00
2003-10-23 03:38:20 +04:00
if ( ! strnequal ( line , " Basic " , 6 ) ) {
2000-11-01 22:43:53 +03:00
goto err ;
1997-11-22 10:51:23 +03:00
}
line + = 6 ;
while ( line [ 0 ] = = ' ' ) line + + ;
2003-02-19 02:17:59 +03:00
base64_decode_inplace ( line ) ;
2001-07-04 11:36:09 +04:00
if ( ! ( p = strchr_m ( line , ' : ' ) ) ) {
1998-11-12 06:06:00 +03:00
/*
* Always give the same error so a cracker
* cannot tell why we fail .
*/
2000-11-01 22:43:53 +03:00
goto err ;
1997-11-22 10:51:23 +03:00
}
* p = 0 ;
2003-02-01 10:27:01 +03:00
2004-10-02 02:24:44 +04:00
convert_string ( CH_UTF8 , CH_UNIX ,
2003-02-01 10:27:01 +03:00
line , - 1 ,
2004-03-12 01:48:24 +03:00
user , sizeof ( user ) , True ) ;
2003-02-01 10:27:01 +03:00
2004-10-02 02:24:44 +04:00
convert_string ( CH_UTF8 , CH_UNIX ,
2003-02-01 10:27:01 +03:00
p + 1 , - 1 ,
2004-03-12 01:48:24 +03:00
user_pass , sizeof ( user_pass ) , True ) ;
2003-02-01 10:27:01 +03:00
1998-11-12 06:06:00 +03:00
/*
* Try and get the user from the UNIX password file .
*/
2001-09-19 09:26:11 +04:00
2006-02-04 01:19:41 +03:00
pass = getpwnam_alloc ( NULL , user ) ;
2001-09-19 09:26:11 +04:00
1998-11-12 06:06:00 +03:00
/*
* Validate the password they have given .
*/
2001-09-19 09:26:11 +04:00
2001-09-20 17:15:35 +04:00
if NT_STATUS_IS_OK ( pass_check ( pass , user , user_pass ,
2001-09-19 09:26:11 +04:00
strlen ( user_pass ) , NULL , False ) ) {
if ( pass ) {
1998-11-12 06:06:00 +03:00
/*
2001-09-19 09:26:11 +04:00
* Password was ok .
1998-11-12 06:06:00 +03:00
*/
2001-09-19 09:26:11 +04:00
2003-10-21 18:19:32 +04:00
if ( initgroups ( pass - > pw_name , pass - > pw_gid ) ! = 0 )
goto err ;
2001-09-20 17:15:35 +04:00
become_user_permanently ( pass - > pw_uid , pass - > pw_gid ) ;
2001-09-19 09:26:11 +04:00
/* Save the users name */
2004-12-07 21:25:53 +03:00
C_user = SMB_STRDUP ( user ) ;
2006-02-20 20:59:58 +03:00
TALLOC_FREE ( pass ) ;
2001-09-19 09:26:11 +04:00
return True ;
1998-11-12 06:06:00 +03:00
}
}
2001-09-19 09:26:11 +04:00
err :
2003-11-22 09:16:01 +03:00
cgi_setup_error ( " 401 Bad Authorization " ,
" WWW-Authenticate: Basic realm= \" SWAT \" \r \n " ,
2000-11-01 22:43:53 +03:00
" username or password incorrect " ) ;
2006-02-20 20:59:58 +03:00
TALLOC_FREE ( pass ) ;
2000-11-01 22:43:53 +03:00
return False ;
1997-11-22 10:51:23 +03:00
}
1998-11-12 00:37:44 +03:00
/***************************************************************************
is this root ?
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-10-19 04:40:25 +04:00
bool am_root ( void )
1998-11-12 00:37:44 +03:00
{
1998-11-12 06:06:00 +03:00
if ( geteuid ( ) = = 0 ) {
1998-11-12 00:37:44 +03:00
return ( True ) ;
} else {
return ( False ) ;
}
}
/***************************************************************************
return a ptr to the users name
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1998-11-14 05:10:55 +03:00
char * cgi_user_name ( void )
1998-11-12 00:37:44 +03:00
{
return ( C_user ) ;
}
1997-11-22 10:51:23 +03:00
/***************************************************************************
handle a file download
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static void cgi_download ( char * file )
{
1998-09-02 00:11:54 +04:00
SMB_STRUCT_STAT st ;
1997-11-22 10:51:23 +03:00
char buf [ 1024 ] ;
1997-11-23 05:42:22 +03:00
int fd , l , i ;
1997-11-22 10:51:23 +03:00
char * p ;
2001-10-14 16:10:29 +04:00
char * lang ;
1997-11-22 10:51:23 +03:00
1997-11-23 05:42:22 +03:00
/* sanitise the filename */
for ( i = 0 ; file [ i ] ; i + + ) {
2001-07-04 11:36:09 +04:00
if ( ! isalnum ( ( int ) file [ i ] ) & & ! strchr_m ( " /.-_ " , file [ i ] ) ) {
1997-11-23 05:42:22 +03:00
cgi_setup_error ( " 404 File Not Found " , " " ,
" Illegal character in filename " ) ;
}
}
2004-08-16 19:25:57 +04:00
if ( sys_stat ( file , & st ) ! = 0 )
{
1997-11-22 10:51:23 +03:00
cgi_setup_error ( " 404 File Not Found " , " " ,
" The requested file was not found " ) ;
}
2001-10-14 16:10:29 +04:00
2004-08-16 19:25:57 +04:00
if ( S_ISDIR ( st . st_mode ) )
{
snprintf ( buf , sizeof ( buf ) , " %s/index.html " , file ) ;
if ( ! file_exist ( buf , & st ) | | ! S_ISREG ( st . st_mode ) )
{
cgi_setup_error ( " 404 File Not Found " , " " ,
" The requested file was not found " ) ;
}
}
else if ( S_ISREG ( st . st_mode ) )
{
snprintf ( buf , sizeof ( buf ) , " %s " , file ) ;
}
else
{
cgi_setup_error ( " 404 File Not Found " , " " ,
" The requested file was not found " ) ;
}
fd = web_open ( buf , O_RDONLY , 0 ) ;
1997-11-22 10:51:23 +03:00
if ( fd = = - 1 ) {
cgi_setup_error ( " 404 File Not Found " , " " ,
" The requested file was not found " ) ;
}
1998-10-26 13:55:29 +03:00
printf ( " HTTP/1.0 200 OK \r \n " ) ;
2004-08-16 19:25:57 +04:00
if ( ( p = strrchr_m ( buf , ' . ' ) ) ) {
1998-03-10 07:56:58 +03:00
if ( strcmp ( p , " .gif " ) = = 0 ) {
1997-11-22 10:51:23 +03:00
printf ( " Content-Type: image/gif \r \n " ) ;
1998-03-10 07:56:58 +03:00
} else if ( strcmp ( p , " .jpg " ) = = 0 ) {
printf ( " Content-Type: image/jpeg \r \n " ) ;
2005-07-08 08:51:27 +04:00
} else if ( strcmp ( p , " .png " ) = = 0 ) {
printf ( " Content-Type: image/png \r \n " ) ;
} else if ( strcmp ( p , " .css " ) = = 0 ) {
printf ( " Content-Type: text/css \r \n " ) ;
2000-09-01 06:06:20 +04:00
} else if ( strcmp ( p , " .txt " ) = = 0 ) {
printf ( " Content-Type: text/plain \r \n " ) ;
1997-11-22 10:51:23 +03:00
} else {
printf ( " Content-Type: text/html \r \n " ) ;
}
}
1998-03-10 07:56:58 +03:00
printf ( " Expires: %s \r \n " , http_timestring ( time ( NULL ) + EXPIRY_TIME ) ) ;
2001-10-14 16:10:29 +04:00
lang = lang_tdb_current ( ) ;
if ( lang ) {
printf ( " Content-Language: %s \r \n " , lang ) ;
}
1997-11-22 10:51:23 +03:00
printf ( " Content-Length: %d \r \n \r \n " , ( int ) st . st_size ) ;
while ( ( l = read ( fd , buf , sizeof ( buf ) ) ) > 0 ) {
fwrite ( buf , 1 , l , stdout ) ;
}
close ( fd ) ;
exit ( 0 ) ;
}
2001-05-17 15:45:58 +04:00
2001-11-19 05:48:23 +03:00
/**
* @ brief Setup the CGI framework .
*
* Setup the cgi framework , handling the possibility that this program
* is either run as a true CGI program with a gateway to a web server , or
* is itself a mini web server .
* */
void cgi_setup ( const char * rootdir , int auth_required )
1997-11-22 10:51:23 +03:00
{
2007-10-19 04:40:25 +04:00
bool authenticated = False ;
1997-11-22 10:51:23 +03:00
char line [ 1024 ] ;
char * url = NULL ;
char * p ;
2001-10-14 16:10:29 +04:00
char * lang ;
1997-11-22 10:51:23 +03:00
if ( chdir ( rootdir ) ) {
2003-02-28 11:48:26 +03:00
cgi_setup_error ( " 500 Server Error " , " " ,
1997-11-22 10:51:23 +03:00
" chdir failed - the server is not configured correctly " ) ;
}
2003-02-28 11:48:26 +03:00
/* Handle the possibility we might be running as non-root */
2001-09-20 17:15:35 +04:00
sec_init ( ) ;
2001-10-14 16:10:29 +04:00
if ( ( lang = getenv ( " HTTP_ACCEPT_LANGUAGE " ) ) ) {
/* if running as a cgi program */
web_set_lang ( lang ) ;
}
2001-09-24 19:55:09 +04:00
1998-11-14 05:10:55 +03:00
/* maybe we are running under a web server */
1997-11-22 10:51:23 +03:00
if ( getenv ( " CONTENT_LENGTH " ) | | getenv ( " REQUEST_METHOD " ) ) {
1998-11-14 05:10:55 +03:00
if ( auth_required ) {
2001-05-17 15:45:58 +04:00
cgi_web_auth ( ) ;
1998-11-12 00:37:44 +03:00
}
1997-11-22 10:51:23 +03:00
return ;
}
1998-11-14 05:10:55 +03:00
inetd_server = True ;
1998-11-21 04:41:14 +03:00
if ( ! check_access ( 1 , lp_hostsallow ( - 1 ) , lp_hostsdeny ( - 1 ) ) ) {
2003-02-28 11:48:26 +03:00
cgi_setup_error ( " 403 Forbidden " , " " ,
1998-11-21 04:41:14 +03:00
" Samba is configured to deny access from this client \n <br>Check your \" hosts allow \" and \" hosts deny \" options in smb.conf " ) ;
}
1997-11-22 10:51:23 +03:00
/* we are a mini-web server. We need to read the request from stdin
and handle authentication etc */
while ( fgets ( line , sizeof ( line ) - 1 , stdin ) ) {
if ( line [ 0 ] = = ' \r ' | | line [ 0 ] = = ' \n ' ) break ;
2003-10-23 03:38:20 +04:00
if ( strnequal ( line , " GET " , 4 ) ) {
1998-11-21 04:41:14 +03:00
got_request = True ;
2004-12-07 21:25:53 +03:00
url = SMB_STRDUP ( & line [ 4 ] ) ;
2003-10-23 03:38:20 +04:00
} else if ( strnequal ( line , " POST " , 5 ) ) {
1998-11-21 04:41:14 +03:00
got_request = True ;
1997-11-22 10:51:23 +03:00
request_post = 1 ;
2004-12-07 21:25:53 +03:00
url = SMB_STRDUP ( & line [ 5 ] ) ;
2003-10-23 03:38:20 +04:00
} else if ( strnequal ( line , " PUT " , 4 ) ) {
1998-11-21 04:41:14 +03:00
got_request = True ;
1997-11-22 10:51:23 +03:00
cgi_setup_error ( " 400 Bad Request " , " " ,
" This server does not accept PUT requests " ) ;
2003-10-23 03:38:20 +04:00
} else if ( strnequal ( line , " Authorization: " , 15 ) ) {
1997-11-22 10:51:23 +03:00
authenticated = cgi_handle_authorization ( & line [ 15 ] ) ;
2003-10-23 03:38:20 +04:00
} else if ( strnequal ( line , " Content-Length: " , 16 ) ) {
1997-11-22 10:51:23 +03:00
content_length = atoi ( & line [ 16 ] ) ;
2003-10-23 03:38:20 +04:00
} else if ( strnequal ( line , " Accept-Language: " , 17 ) ) {
2001-10-14 16:10:29 +04:00
web_set_lang ( & line [ 17 ] ) ;
1997-11-22 10:51:23 +03:00
}
/* ignore all other requests! */
}
1998-03-08 17:31:50 +03:00
if ( auth_required & & ! authenticated ) {
1998-11-14 05:10:55 +03:00
cgi_auth_error ( ) ;
1997-11-22 10:51:23 +03:00
}
if ( ! url ) {
cgi_setup_error ( " 400 Bad Request " , " " ,
" You must specify a GET or POST request " ) ;
}
/* trim the URL */
2001-07-04 11:36:09 +04:00
if ( ( p = strchr_m ( url , ' ' ) ) | | ( p = strchr_m ( url , ' \t ' ) ) ) {
1997-11-22 10:51:23 +03:00
* p = 0 ;
}
2001-07-04 11:36:09 +04:00
while ( * url & & strchr_m ( " \r \n " , url [ strlen ( url ) - 1 ] ) ) {
1997-11-22 10:51:23 +03:00
url [ strlen ( url ) - 1 ] = 0 ;
}
/* anything following a ? in the URL is part of the query string */
2001-07-04 11:36:09 +04:00
if ( ( p = strchr_m ( url , ' ? ' ) ) ) {
1997-11-22 10:51:23 +03:00
query_string = p + 1 ;
* p = 0 ;
}
1999-12-13 16:27:58 +03:00
string_sub ( url , " /swat/ " , " " , 0 ) ;
1998-09-02 06:02:30 +04:00
2004-08-16 19:25:57 +04:00
if ( url [ 0 ] ! = ' / ' & & strstr ( url , " .. " ) = = 0 ) {
1998-09-02 06:02:30 +04:00
cgi_download ( url ) ;
1997-11-22 10:51:23 +03:00
}
1998-10-26 13:55:29 +03:00
printf ( " HTTP/1.0 200 OK \r \n Connection: close \r \n " ) ;
1998-03-10 07:56:58 +03:00
printf ( " Date: %s \r \n " , http_timestring ( time ( NULL ) ) ) ;
1998-03-14 07:13:24 +03:00
baseurl = " " ;
pathinfo = url + 1 ;
1997-11-22 10:51:23 +03:00
}
1997-11-23 05:42:22 +03:00
1998-03-08 17:14:49 +03:00
/***************************************************************************
return the current pages URL
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2003-01-03 11:28:12 +03:00
const char * cgi_baseurl ( void )
1998-03-08 17:14:49 +03:00
{
1998-11-14 05:10:55 +03:00
if ( inetd_server ) {
1998-03-14 07:13:24 +03:00
return baseurl ;
}
return getenv ( " SCRIPT_NAME " ) ;
1998-03-08 17:14:49 +03:00
}
1998-03-14 07:13:24 +03:00
/***************************************************************************
return the current pages path info
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2003-01-03 11:28:12 +03:00
const char * cgi_pathinfo ( void )
1998-03-14 07:13:24 +03:00
{
char * r ;
1998-11-14 05:10:55 +03:00
if ( inetd_server ) {
1998-03-14 07:13:24 +03:00
return pathinfo ;
}
r = getenv ( " PATH_INFO " ) ;
if ( ! r ) return " " ;
if ( * r = = ' / ' ) r + + ;
return r ;
}
1998-03-17 15:31:43 +03:00
/***************************************************************************
return the hostname of the client
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-10-12 02:36:13 +04:00
const char * cgi_remote_host ( void )
1998-03-17 15:31:43 +03:00
{
1998-11-14 05:10:55 +03:00
if ( inetd_server ) {
2003-11-07 12:03:02 +03:00
return get_peer_name ( 1 , False ) ;
1998-03-17 15:31:43 +03:00
}
return getenv ( " REMOTE_HOST " ) ;
}
/***************************************************************************
return the hostname of the client
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-10-12 02:36:13 +04:00
const char * cgi_remote_addr ( void )
1998-03-17 15:31:43 +03:00
{
1998-11-14 05:10:55 +03:00
if ( inetd_server ) {
2007-11-04 04:15:45 +03:00
char addr [ INET6_ADDRSTRLEN ] ;
2007-11-04 04:41:26 +03:00
return get_peer_addr ( 1 , addr , sizeof ( addr ) ) ;
1998-03-17 15:31:43 +03:00
}
return getenv ( " REMOTE_ADDR " ) ;
}
1998-03-18 10:33:11 +03:00
/***************************************************************************
return True if the request was a POST
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-10-19 04:40:25 +04:00
bool cgi_waspost ( void )
1998-03-18 10:33:11 +03:00
{
1998-11-14 05:10:55 +03:00
if ( inetd_server ) {
1998-03-18 10:33:11 +03:00
return request_post ;
}
return strequal ( getenv ( " REQUEST_METHOD " ) , " POST " ) ;
}
