move setup_groups() into password.c so that swat can link without
[samba.git] / source / cgi.c
index 7c84f47ada05f62bb38b91f6f34554d38003d19c..6468c92917e82c8f917daf2655c25e9c1bd2e8b2 100644 (file)
 */
 
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <string.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <pwd.h>
+#include "includes.h"
+#include "smb.h"
 
 #define MAX_VARIABLES 10000
 
+/* set the expiry on fixed pages */
+#define EXPIRY_TIME (60*60*24*7)
+
+#define CGI_LOGGING 0
+
 #ifdef DEBUG_COMMENTS
 extern void print_title(char *fmt, ...);
 #endif
@@ -459,8 +459,6 @@ handle a http authentication line
 static int cgi_handle_authorization(char *line)
 {
        char *p, *user, *pass;
-       struct passwd *pwd;
-       int ret=0;
 
        if (strncasecmp(line,"Basic ", 6)) {
                cgi_setup_error("401 Bad Authorization", "", 
@@ -478,20 +476,13 @@ static int cgi_handle_authorization(char *line)
        pass = p+1;
 
        /* currently only allow connections as root */
-       if (strcasecmp(user,"root")) {
+       if (strcmp(user,"root")) {
                cgi_setup_error("401 Bad Authorization", "", 
                                "incorrect username/password");
        }
-       
-       pwd = getpwnam(user);
-
-       if (!strcmp((char *)crypt(pass, pwd->pw_passwd),pwd->pw_passwd)) {
-               ret = 1;
-       }
 
-       memset(pass, 0, strlen(pass));
 
-       return ret;
+       return password_ok(user, pass, strlen(pass), NULL);
 }
 
 
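Review bot: The password is no longer scrubbed after it has been checked: the removed `memset(pass, 0, strlen(pass));` has no replacement, so the cleartext stays in the request buffer after `password_ok()` returns. Keep the result in a local and wipe before returning: `int ok = password_ok(user, pass, strlen(pass), NULL);` then `memset(pass, 0, strlen(pass));` then `return ok;`. Whether `cgi_setup_error()` returns after the `strcmp(user,"root")` failure is not visible here; if it can return, that branch also needs an explicit `return 0;` so the password check is never reached for another account. The start of cgi_handle_authorization is outside this hunk.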
@@ -513,11 +504,6 @@ static void cgi_download(char *file)
                }
        }
 
-       if (strstr(file,"..")) {
-               cgi_setup_error("404 File Not Found","",
-                               "Relative paths not allowed");
-       }
-
        if (!file_exist(file, &st)) {
                cgi_setup_error("404 File Not Found","",
                                "The requested file was not found");
@@ -529,12 +515,16 @@ static void cgi_download(char *file)
        }
        printf("HTTP/1.1 200 OK\r\n");
        if ((p=strrchr(file,'.'))) {
-               if (strcmp(p,".gif")==0 || strcmp(p,".jpg")==0) {
+               if (strcmp(p,".gif")==0) {
                        printf("Content-Type: image/gif\r\n");
+               } else if (strcmp(p,".jpg")==0) {
+                       printf("Content-Type: image/jpeg\r\n");
                } else {
                        printf("Content-Type: text/html\r\n");
                }
        }
+       printf("Expires: %s\r\n", http_timestring(time(NULL)+EXPIRY_TIME));
+
        printf("Content-Length: %d\r\n\r\n", (int)st.st_size);
        while ((l=read(fd,buf,sizeof(buf)))>0) {
                fwrite(buf, 1, l, stdout);
@@ -548,12 +538,17 @@ static void cgi_download(char *file)
 setup the cgi framework, handling the possability that this program is either
 run as a true cgi program by a web browser or is itself a mini web server
   ***************************************************************************/
-void cgi_setup(char *rootdir)
+void cgi_setup(char *rootdir, int auth_required)
 {
        int authenticated = 0;
        char line[1024];
        char *url=NULL;
        char *p;
+#if CGI_LOGGING
+       FILE *f = fopen("/tmp/cgi.log", "a");
+
+       fprintf(f,"\n[Date: %s]\n", http_timestring(time(NULL)));
+#endif
 
        if (chdir(rootdir)) {
                cgi_setup_error("400 Server Error", "",
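Review bot: When `CGI_LOGGING` is enabled, the result of `fopen("/tmp/cgi.log", "a")` is used unchecked, so a failed open makes `fprintf(f, ...)` here, and `fputs(line, f)` and `fclose(f)` in the two hunks that follow, operate on a NULL stream. The log is also a fixed name in a world-writable directory, and the request loop writes every header line to it, which would include the `Authorization: Basic` line carrying the password. Guard each use with `if (f)`, skip lines where `strncasecmp(line,"Authorization:",14)==0`, and put the file in a directory only the service account can write. A short comment beside `#define CGI_LOGGING 0` saying it is a debugging aid that must stay off in production would help. cgi_setup's body continues outside this hunk.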
@@ -568,6 +563,9 @@ void cgi_setup(char *rootdir)
        /* we are a mini-web server. We need to read the request from stdin
           and handle authentication etc */
        while (fgets(line, sizeof(line)-1, stdin)) {
+#if CGI_LOGGING
+               fputs(line, f);
+#endif
                if (line[0] == '\r' || line[0] == '\n') break;
                if (strncasecmp(line,"GET ", 4)==0) {
                        request_get = 1;
@@ -585,8 +583,11 @@ void cgi_setup(char *rootdir)
                }
                /* ignore all other requests! */
        }
+#if CGI_LOGGING
+       fclose(f);
+#endif
 
-       if (!authenticated) {
+       if (auth_required && !authenticated) {
                cgi_setup_error("401 Authorization Required", 
                                "WWW-Authenticate: Basic realm=\"root\"\r\n",
                                "You must be authenticated to use this service");
@@ -611,12 +612,12 @@ void cgi_setup(char *rootdir)
                *p = 0;
        }
 
-       if (strstr(url+1,"..")==0 && file_exist(url+1)) {
+       if (strstr(url+1,"..")==0 && file_exist(url+1, NULL)) {
                cgi_download(url+1);
        }
 
        printf("HTTP/1.1 200 OK\r\nConnection: close\r\n");
-
+       printf("Date: %s\r\n", http_timestring(time(NULL)));
        baseurl = url+1;
 }
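Review bot: The `strstr(url+1,"..")==0` test is now the only path check in front of `cgi_download()`, because the commit drops the same test inside that function, and it rejects only `..` sequences. A `url+1` that still begins with `/` is an absolute path, which `chdir(rootdir)` does not confine, and with `auth_required` set to 0 this branch is reached without credentials. Adding `url[1] != '/' &&` to the condition, or restoring a check inside `cgi_download()` so every caller is covered, closes that gap; other callers of `cgi_download()` are not visible here. A comment on `cgi_setup()` describing `auth_required`, and stating that unauthenticated clients can then fetch any file under `rootdir`, would also help. The start of cgi_setup is outside this hunk.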