make SWAT obey the global "hosts allow" and "hosts deny" settings.

any attempt to run swat from a host that is disallowed will give an
error.
(This used to be commit fe4ef4bbef01aed75807c884249ca8efa5de4140)

diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 009244e5957a647b239a132b7321289fa69d1a90..275bf8999feeb3bf1ce8929d738b310c449d5403 100644 (file)
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -46,6 +46,7 @@ static char *baseurl;
 static char *pathinfo;
 static char *C_user;
 static BOOL inetd_server;
 static char *pathinfo;
 static char *C_user;
 static BOOL inetd_server;

+static BOOL got_request;

 
 static void unescape(char *buf)
 {
 
 static void unescape(char *buf)
 {


@@ -253,7 +254,21 @@ tell a browser about a fatal error in the http processing
   ***************************************************************************/
 static void cgi_setup_error(char *err, char *header, char *info)
 {
   ***************************************************************************/
 static void cgi_setup_error(char *err, char *header, char *info)
 {

-       printf("HTTP/1.0 %s\r\n%sConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>%s</H1>%s<p></BODY></HTML>\r\n", err, header, err, err, info);
+       if (!got_request) {
+               /* damn browsers don't like getting cut off before they give a request */
+               char line[1024];
+               while (fgets(line, sizeof(line)-1, stdin)) {
+                       if (strncasecmp(line,"GET ", 4)==0 || 
+                           strncasecmp(line,"POST ", 5)==0 ||
+                           strncasecmp(line,"PUT ", 4)==0) {
+                               break;
+                       }
+               }
+       }
+
+       printf("HTTP/1.0 %s\r\n%sConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>%s</H1>%s<p></BODY></HTML>\r\n\r\n", err, header, err, err, info);
+       fclose(stdin);
+       fclose(stdout);

        exit(0);
 }
 
        exit(0);
 }
 


@@ -492,6 +507,11 @@ void cgi_setup(char *rootdir, int auth_required)
 
        inetd_server = True;
 
 
        inetd_server = True;
 

+       if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) {
+               cgi_setup_error("400 Server Error", "",
+                               "Samba is configured to deny access from this client\n<br>Check your \"hosts allow\" and \"hosts deny\" options in smb.conf ");
+       }
+

 #if CGI_LOGGING
        f = sys_fopen("/tmp/cgi.log", "a");
        if (f) fprintf(f,"\n[Date: %s   %s (%s)]\n", 
 #if CGI_LOGGING
        f = sys_fopen("/tmp/cgi.log", "a");
        if (f) fprintf(f,"\n[Date: %s   %s (%s)]\n", 


@@ -507,11 +527,14 @@ void cgi_setup(char *rootdir, int auth_required)
 #endif
                if (line[0] == '\r' || line[0] == '\n') break;
                if (strncasecmp(line,"GET ", 4)==0) {
 #endif
                if (line[0] == '\r' || line[0] == '\n') break;
                if (strncasecmp(line,"GET ", 4)==0) {

+                       got_request = True;

                        url = strdup(&line[4]);
                } else if (strncasecmp(line,"POST ", 5)==0) {
                        url = strdup(&line[4]);
                } else if (strncasecmp(line,"POST ", 5)==0) {

+                       got_request = True;

                        request_post = 1;
                        url = strdup(&line[5]);
                } else if (strncasecmp(line,"PUT ", 4)==0) {
                        request_post = 1;
                        url = strdup(&line[5]);
                } else if (strncasecmp(line,"PUT ", 4)==0) {

+                       got_request = True;

                        cgi_setup_error("400 Bad Request", "",
                                        "This server does not accept PUT requests");
                } else if (strncasecmp(line,"Authorization: ", 15)==0) {
                        cgi_setup_error("400 Bad Request", "",
                                        "This server does not accept PUT requests");
                } else if (strncasecmp(line,"Authorization: ", 15)==0) {

diff --git a/source3/web/swat.c b/source3/web/swat.c
index 8c5ac782a39bed69160249b36714a810a4fa77f7..ed139e2483f4d903442adc5b75932bf66c468aed 100644 (file)
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -382,12 +382,9 @@ static void commit_parameters(int snum)
 /****************************************************************************
   load the smb.conf file into loadparm.
 ****************************************************************************/
 /****************************************************************************
   load the smb.conf file into loadparm.
 ****************************************************************************/

-static void load_config(void)
+static BOOL load_config(void)

 {
 {

-       if (!lp_load(servicesf,False,True,False)) {
-               printf("<b>Can't load %s - using defaults</b><p>\n", 
-                      servicesf);
-       }
+       return lp_load(servicesf,False,True,False);

 }
 
 /****************************************************************************
 }
 
 /****************************************************************************


@@ -909,17 +906,13 @@ static void printers_page(void)
                }
        }
 
                }
        }
 

+       charset_initialise();
+       load_config();
+

        cgi_setup(SWATDIR, !demo_mode);
 
        print_header();
        
        cgi_setup(SWATDIR, !demo_mode);
 
        print_header();
        

-       charset_initialise();
-
-       /* if this binary is setuid then run completely as root */
-       setuid(0);
-
-       load_config();
-

        cgi_load_variables(NULL);
 
        show_main_buttons();
        cgi_load_variables(NULL);
 
        show_main_buttons();