static pstring servicesf = CONFIGFILE;
static BOOL demo_mode = False;
+static BOOL have_write_access = False;
/*
* Password Management Globals
*/
-#define USER "username"
+#define SWAT_USER "username"
#define OLD_PSWD "old_passwd"
#define NEW_PSWD "new_passwd"
#define NEW2_PSWD "new2_passwd"
****************************************************************************/
static int include_html(char *fname)
{
- FILE *f = fopen(fname,"r");
+ FILE *f = sys_fopen(fname,"r");
char buf[1024];
int ret;
ptr = lp_local_ptr(snum, ptr);
}
- printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\">?</A> %s</td><td>",
+ printf("<tr><td><A HREF=\"/swat/help/smb.conf.5.html#%s\">Help</A> %s</td><td>",
stripspace(parm->label), parm->label);
switch (parm->type) {
{
FILE *f;
- f = fopen(servicesf,"w");
+ f = sys_fopen(servicesf,"w");
if (!f) {
printf("failed to open %s for writing\n", servicesf);
return 0;
/****************************************************************************
load the smb.conf file into loadparm.
****************************************************************************/
-static void load_config(void)
+static BOOL load_config(void)
{
- if (!lp_load(servicesf,False,True,False)) {
- printf("<b>Can't load %s - using defaults</b><p>\n",
- servicesf);
- }
+ return lp_load(servicesf,False,True,False);
}
/****************************************************************************
{
image_link("Home", "", "images/home.gif");
- /* Root gets full functionality */
- if (demo_mode || am_root()) {
- image_link("Globals", "globals", "images/globals.gif");
- image_link("Shares", "shares", "images/shares.gif");
- image_link("Printers", "printers", "images/printers.gif");
- image_link("Status", "status", "images/status.gif");
- image_link("View Config", "viewconfig","images/viewconfig.gif");
- }
-
- /* Everyone gets this functionality */
+ image_link("Globals", "globals", "images/globals.gif");
+ image_link("Shares", "shares", "images/shares.gif");
+ image_link("Printers", "printers", "images/printers.gif");
+ image_link("Status", "status", "images/status.gif");
+ image_link("View Config", "viewconfig","images/viewconfig.gif");
image_link("Password Management", "passwd", "images/passwd.gif");
printf("<HR>\n");
printf("<FORM name=\"swatform\" method=post>\n");
- printf("<input type=submit name=\"Commit\" value=\"Commit Changes\">\n");
+ if (have_write_access) {
+ printf("<input type=submit name=\"Commit\" value=\"Commit Changes\">\n");
+ }
+
printf("<input type=reset name=\"Reset Values\" value=\"Reset Values\">\n");
if (advanced == 0) {
printf("<input type=submit name=\"Advanced\" value=\"Advanced View\">\n");
if (snum >= 0) {
- printf("<input type=submit name=\"Commit\" value=\"Commit Changes\">\n");
+ if (have_write_access) {
+ printf("<input type=submit name=\"Commit\" value=\"Commit Changes\">\n");
+ }
+
printf("<input type=submit name=\"Delete\" value=\"Delete Share\">\n");
if (advanced == 0) {
printf("<input type=submit name=\"Advanced\" value=\"Advanced View\">\n");
return ret;
}
- if(!initialize_password_db()) {
+ if(!initialise_password_db()) {
printf("Can't setup password database vectors.\n<p>");
return False;
}
BOOL rslt;
/* Make sure users name has been specified */
- if (strlen(cgi_variable(USER)) == 0) {
+ if (strlen(cgi_variable(SWAT_USER)) == 0) {
printf("<p> Must specify \"User Name\" \n");
return;
}
* If current user is not root, make sure old password has been specified
* If REMOTE change, even root must provide old password
*/
- if (((am_root() == False) && (strlen( cgi_variable(OLD_PSWD)) <= 0)) ||
+ if (((!am_root()) && (strlen( cgi_variable(OLD_PSWD)) <= 0)) ||
((cgi_variable(CHG_R_PASSWD_FLAG)) && (strlen( cgi_variable(OLD_PSWD)) <= 0))) {
printf("<p> Must specify \"Old Password\" \n");
return;
host = "127.0.0.1";
}
rslt = change_password(host,
- cgi_variable(USER),
+ cgi_variable(SWAT_USER),
cgi_variable(OLD_PSWD), cgi_variable(NEW_PSWD),
cgi_variable(ADD_USER_FLAG)? True : False,
cgi_variable(ENABLE_USER_FLAG)? True : False,
if (rslt == True) {
- printf("<p> The passwd for '%s' has been changed. \n", cgi_variable(USER));
+ printf("<p> The passwd for '%s' has been changed. \n", cgi_variable(SWAT_USER));
} else {
- printf("<p> The passwd for '%s' has NOT been changed. \n",cgi_variable(USER));
+ printf("<p> The passwd for '%s' has NOT been changed. \n",cgi_variable(SWAT_USER));
}
return;
****************************************************************************/
static void passwd_page(void)
{
- char *new_name = get_user_name();
+ char *new_name = cgi_user_name();
/*
* After the first time through here be nice. If the user
* changed the User box text to another users name, remember it.
*/
- if (cgi_variable(USER)) {
- new_name = cgi_variable(USER);
+ if (cgi_variable(SWAT_USER)) {
+ new_name = cgi_variable(SWAT_USER);
}
if (!new_name) new_name = "";
* Create all the dialog boxes for data collection
*/
printf("<tr><td> User Name : </td>\n");
- printf("<td><input type=text size=30 name=%s value=%s></td></tr> \n", USER, new_name);
- if (am_root() == False) {
+ printf("<td><input type=text size=30 name=%s value=%s></td></tr> \n", SWAT_USER, new_name);
+ if (!am_root()) {
printf("<tr><td> Old Password : </td>\n");
printf("<td><input type=password size=30 name=%s></td></tr> \n",OLD_PSWD);
}
printf("<td><input type=password size=30 name=%s></td></tr>\n",NEW_PSWD);
printf("<tr><td> Re-type New Password : </td>\n");
printf("<td><input type=password size=30 name=%s></td></tr>\n",NEW2_PSWD);
+ printf("</table>\n");
/*
* Create all the control buttons for requesting action
*/
- printf("<tr><td><input type=submit name=%s value=\"Change Password\"></td></tr>\n", CHG_S_PASSWD_FLAG);
- if (am_root() == True) {
- printf("<tr><td><input type=submit name=%s value=\"Add New User\"></td></tr>\n", ADD_USER_FLAG);
- printf("<tr><td><input type=submit name=%s value=\"Disable User\"></td></tr>\n", DISABLE_USER_FLAG);
- printf("<tr><td><input type=submit name=%s value=\"Enable User\"></td></tr>\n", ENABLE_USER_FLAG);
+ printf("<input type=submit name=%s value=\"Change Password\">\n",
+ CHG_S_PASSWD_FLAG);
+ if (demo_mode || am_root()) {
+ printf("<input type=submit name=%s value=\"Add New User\">\n",
+ ADD_USER_FLAG);
+ printf("<input type=submit name=%s value=\"Disable User\">\n",
+ DISABLE_USER_FLAG);
+ printf("<input type=submit name=%s value=\"Enable User\">\n",
+ ENABLE_USER_FLAG);
}
+ printf("<p></FORM>\n");
/*
- * Do some work if change, add, disable or enable was requested. It could be
- * this is the first time through this code, so there isn't anything to do.
- */
+ * Do some work if change, add, disable or enable was
+ * requested. It could be this is the first time through this
+ * code, so there isn't anything to do. */
if ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) ||
(cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG))) {
chg_passwd();
}
- printf("</table>\n");
-
- printf("</FORM>\n");
-
printf("<H2>Client/Server Password Management</H2>\n");
printf("<FORM name=\"swatform\" method=post>\n");
* Create all the dialog boxes for data collection
*/
printf("<tr><td> User Name : </td>\n");
- printf("<td><input type=text size=30 name=%s value=%s></td></tr>\n",USER, new_name);
+ printf("<td><input type=text size=30 name=%s value=%s></td></tr>\n",SWAT_USER, new_name);
printf("<tr><td> Old Password : </td>\n");
printf("<td><input type=password size=30 name=%s></td></tr>\n",OLD_PSWD);
printf("<tr><td> New Password : </td>\n");
printf("<tr><td> Remote Machine : </td>\n");
printf("<td><input type=password size=30 name=%s></td></tr>\n",RHOST);
+ printf("</table>");
+
/*
* Create all the control buttons for requesting action
*/
- printf("<tr><td><input type=submit name=%s value=\"Change Password\"></td></tr>", CHG_R_PASSWD_FLAG);
+ printf("<input type=submit name=%s value=\"Change Password\">",
+ CHG_R_PASSWD_FLAG);
+
+ printf("<p></FORM>\n");
/*
- * Do some work if a request has been made to change the password somewhere other
- * than the server. It could be this is the first time through this code, so there
- * isn't anything to do.
- */
+ * Do some work if a request has been made to change the
+ * password somewhere other than the server. It could be this
+ * is the first time through this code, so there isn't
+ * anything to do. */
if (cgi_variable(CHG_R_PASSWD_FLAG)) {
chg_passwd();
}
- printf("</table>");
-
- printf("</FORM>\n");
}
/****************************************************************************
if (snum >= 0) {
- printf("<input type=submit name=\"Commit\" value=\"Commit Changes\">\n");
+ if (have_write_access) {
+ printf("<input type=submit name=\"Commit\" value=\"Commit Changes\">\n");
+ }
printf("<input type=submit name=\"Delete\" value=\"Delete Printer\">\n");
if (advanced == 0) {
printf("<input type=submit name=\"Advanced\" value=\"Advanced View\">\n");
/* just in case it goes wild ... */
alarm(300);
- dbf = fopen("/dev/null", "w");
+ dbf = sys_fopen("/dev/null", "w");
if (!dbf) dbf = stderr;
}
}
+ charset_initialise();
+ load_config();
+
cgi_setup(SWATDIR, !demo_mode);
print_header();
- charset_initialise();
-
- /* if this binary is setuid then run completely as root */
- setuid(0);
-
- load_config();
-
cgi_load_variables(NULL);
show_main_buttons();
page = cgi_pathinfo();
+ /* check if the authenticated user has write access - if not then
+ don't show write options */
+ have_write_access = (access(servicesf,W_OK) == 0);
+
/* Root gets full functionality */
- if (demo_mode || am_root()) {
- if (strcmp(page, "globals")==0) {
- globals_page();
- } else if (strcmp(page,"shares")==0) {
- shares_page();
- } else if (strcmp(page,"printers")==0) {
- printers_page();
- } else if (strcmp(page,"status")==0) {
- status_page();
- } else if (strcmp(page,"viewconfig")==0) {
- viewconfig_page();
- } else if (strcmp(page,"passwd")==0) {
- passwd_page();
- } else {
- welcome_page();
- }
+ if (strcmp(page, "globals")==0) {
+ globals_page();
+ } else if (strcmp(page,"shares")==0) {
+ shares_page();
+ } else if (strcmp(page,"printers")==0) {
+ printers_page();
+ } else if (strcmp(page,"status")==0) {
+ status_page();
+ } else if (strcmp(page,"viewconfig")==0) {
+ viewconfig_page();
+ } else if (strcmp(page,"passwd")==0) {
+ passwd_page();
} else {
- /* Everyone gets this functionality */
- if (strcmp(page,"passwd")==0) {
- passwd_page();
- } else {
- welcome_page();
- }
+ welcome_page();
}
-
+
print_footer();
return 0;
}