make SWAT obey the global "hosts allow" and "hosts deny" settings.
authorAndrew Tridgell <tridge@samba.org>
Sat, 21 Nov 1998 01:41:14 +0000 (01:41 +0000)
committerAndrew Tridgell <tridge@samba.org>
Sat, 21 Nov 1998 01:41:14 +0000 (01:41 +0000)
any attempt to run swat from a host that is disallowed will give an
error.

source/web/cgi.c
source/web/swat.c

index 009244e5957a647b239a132b7321289fa69d1a90..275bf8999feeb3bf1ce8929d738b310c449d5403 100644 (file)
@@ -46,6 +46,7 @@ static char *baseurl;
 static char *pathinfo;
 static char *C_user;
 static BOOL inetd_server;
+static BOOL got_request;
 
 static void unescape(char *buf)
 {
@@ -253,7 +254,21 @@ tell a browser about a fatal error in the http processing
   ***************************************************************************/
 static void cgi_setup_error(char *err, char *header, char *info)
 {
-       printf("HTTP/1.0 %s\r\n%sConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>%s</H1>%s<p></BODY></HTML>\r\n", err, header, err, err, info);
+       if (!got_request) {
+               /* damn browsers don't like getting cut off before they give a request */
+               char line[1024];
+               while (fgets(line, sizeof(line)-1, stdin)) {
+                       if (strncasecmp(line,"GET ", 4)==0 || 
+                           strncasecmp(line,"POST ", 5)==0 ||
+                           strncasecmp(line,"PUT ", 4)==0) {
+                               break;
+                       }
+               }
+       }
+
+       printf("HTTP/1.0 %s\r\n%sConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>%s</H1>%s<p></BODY></HTML>\r\n\r\n", err, header, err, err, info);
+       fclose(stdin);
+       fclose(stdout);
        exit(0);
 }
 
@@ -492,6 +507,11 @@ void cgi_setup(char *rootdir, int auth_required)
 
        inetd_server = True;
 
+       if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) {
+               cgi_setup_error("400 Server Error", "",
+                               "Samba is configured to deny access from this client\n<br>Check your \"hosts allow\" and \"hosts deny\" options in smb.conf ");
+       }
+
 #if CGI_LOGGING
        f = sys_fopen("/tmp/cgi.log", "a");
        if (f) fprintf(f,"\n[Date: %s   %s (%s)]\n", 
@@ -507,11 +527,14 @@ void cgi_setup(char *rootdir, int auth_required)
 #endif
                if (line[0] == '\r' || line[0] == '\n') break;
                if (strncasecmp(line,"GET ", 4)==0) {
+                       got_request = True;
                        url = strdup(&line[4]);
                } else if (strncasecmp(line,"POST ", 5)==0) {
+                       got_request = True;
                        request_post = 1;
                        url = strdup(&line[5]);
                } else if (strncasecmp(line,"PUT ", 4)==0) {
+                       got_request = True;
                        cgi_setup_error("400 Bad Request", "",
                                        "This server does not accept PUT requests");
                } else if (strncasecmp(line,"Authorization: ", 15)==0) {
index 8c5ac782a39bed69160249b36714a810a4fa77f7..ed139e2483f4d903442adc5b75932bf66c468aed 100644 (file)
@@ -382,12 +382,9 @@ static void commit_parameters(int snum)
 /****************************************************************************
   load the smb.conf file into loadparm.
 ****************************************************************************/
-static void load_config(void)
+static BOOL load_config(void)
 {
-       if (!lp_load(servicesf,False,True,False)) {
-               printf("<b>Can't load %s - using defaults</b><p>\n", 
-                      servicesf);
-       }
+       return lp_load(servicesf,False,True,False);
 }
 
 /****************************************************************************
@@ -909,17 +906,13 @@ static void printers_page(void)
                }
        }
 
+       charset_initialise();
+       load_config();
+
        cgi_setup(SWATDIR, !demo_mode);
 
        print_header();
        
-       charset_initialise();
-
-       /* if this binary is setuid then run completely as root */
-       setuid(0);
-
-       load_config();
-
        cgi_load_variables(NULL);
 
        show_main_buttons();