This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
-#include "smb.h"
+#include "web/swat_proto.h"
#define MAX_VARIABLES 10000
/* set the expiry on fixed pages */
#define EXPIRY_TIME (60*60*24*7)
-#define CGI_LOGGING 0
-
#ifdef DEBUG_COMMENTS
extern void print_title(char *fmt, ...);
#endif
-struct var {
+struct cgi_var {
char *name;
char *value;
};
-static struct var variables[MAX_VARIABLES];
+static struct cgi_var variables[MAX_VARIABLES];
static int num_variables;
static int content_length;
static int request_post;
static char *query_string;
-static char *baseurl;
+static const char *baseurl;
static char *pathinfo;
static char *C_user;
-static BOOL inetd_server;
-static BOOL got_request;
-
-static void unescape(char *buf)
-{
- char *p=buf;
-
- while ((p=strchr(p,'+')))
- *p = ' ';
-
- p = buf;
-
- while (p && *p && (p=strchr(p,'%'))) {
- int c1 = p[1];
- int c2 = p[2];
-
- if (c1 >= '0' && c1 <= '9')
- c1 = c1 - '0';
- else if (c1 >= 'A' && c1 <= 'F')
- c1 = 10 + c1 - 'A';
- else if (c1 >= 'a' && c1 <= 'f')
- c1 = 10 + c1 - 'a';
- else {p++; continue;}
-
- if (c2 >= '0' && c2 <= '9')
- c2 = c2 - '0';
- else if (c2 >= 'A' && c2 <= 'F')
- c2 = 10 + c2 - 'A';
- else if (c2 >= 'a' && c2 <= 'f')
- c2 = 10 + c2 - 'a';
- else {p++; continue;}
-
- *p = (c1<<4) | c2;
-
- memcpy(p+1, p+3, strlen(p+3)+1);
- p++;
- }
-}
-
+static bool inetd_server;
+static bool got_request;
static char *grab_line(FILE *f, int *cl)
{
- char *ret;
+ char *ret = NULL;
int i = 0;
- int len = 1024;
-
- ret = (char *)malloc(len);
- if (!ret) return NULL;
-
+ int len = 0;
while ((*cl)) {
- int c = fgetc(f);
+ int c;
+
+ if (i == len) {
+ char *ret2;
+ if (len == 0) len = 1024;
+ else len *= 2;
+ ret2 = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR(ret, len);
+ if (!ret2) return ret;
+ ret = ret2;
+ }
+
+ c = fgetc(f);
(*cl)--;
if (c == EOF) {
if (c == '\r') continue;
- if (strchr("\n&", c)) break;
+ if (strchr_m("\n&", c)) break;
ret[i++] = c;
- if (i == len-1) {
- char *ret2;
- ret2 = (char *)realloc(ret, len*2);
- if (!ret2) return ret;
- len *= 2;
- ret = ret2;
- }
}
-
- ret[i] = 0;
+ if (ret) {
+ ret[i] = 0;
+ }
return ret;
}
+/**
+ URL encoded strings can have a '+', which should be replaced with a space
+
+ (This was in rfc1738_unescape(), but that broke the squid helper)
+**/
+
+static void plus_to_space_unescape(char *buf)
+{
+ char *p=buf;
+
+ while ((p=strchr_m(p,'+')))
+ *p = ' ';
+}
+
/***************************************************************************
load all the variables passed to the CGI program. May have multiple variables
with the same name and the same or different values. Takes a file parameter
for simulating CGI invocation eg loading saved preferences.
***************************************************************************/
-void cgi_load_variables(FILE *f1)
+void cgi_load_variables(void)
{
- FILE *f = f1;
static char *line;
char *p, *s, *tok;
- int len;
+ int len, i;
+ FILE *f = stdin;
#ifdef DEBUG_COMMENTS
char dummy[100]="";
print_title(dummy);
- printf("<!== Start dump in cgi_load_variables() %s ==>\n",__FILE__);
+ d_printf("<!== Start dump in cgi_load_variables() %s ==>\n",__FILE__);
#endif
- if (!f1) {
- f = stdin;
- if (!content_length) {
- p = getenv("CONTENT_LENGTH");
- len = p?atoi(p):0;
- } else {
- len = content_length;
- }
+ if (!content_length) {
+ p = getenv("CONTENT_LENGTH");
+ len = p?atoi(p):0;
} else {
- fseek(f, 0, SEEK_END);
- len = ftell(f);
- fseek(f, 0, SEEK_SET);
+ len = content_length;
}
if (len > 0 &&
- (f1 || request_post ||
+ (request_post ||
((s=getenv("REQUEST_METHOD")) &&
- strcasecmp(s,"POST")==0))) {
+ strequal(s,"POST")))) {
while (len && (line=grab_line(f, &len))) {
- p = strchr(line,'=');
+ p = strchr_m(line,'=');
if (!p) continue;
*p = 0;
- variables[num_variables].name = strdup(line);
- variables[num_variables].value = strdup(p+1);
+ variables[num_variables].name = SMB_STRDUP(line);
+ variables[num_variables].value = SMB_STRDUP(p+1);
- free(line);
+ SAFE_FREE(line);
if (!variables[num_variables].name ||
!variables[num_variables].value)
continue;
- unescape(variables[num_variables].value);
- unescape(variables[num_variables].name);
+ plus_to_space_unescape(variables[num_variables].value);
+ rfc1738_unescape(variables[num_variables].value);
+ plus_to_space_unescape(variables[num_variables].name);
+ rfc1738_unescape(variables[num_variables].name);
#ifdef DEBUG_COMMENTS
printf("<!== POST var %s has value \"%s\" ==>\n",
}
}
- if (f1) {
-#ifdef DEBUG_COMMENTS
- printf("<!== End dump in cgi_load_variables() ==>\n");
-#endif
- return;
- }
-
fclose(stdin);
open("/dev/null", O_RDWR);
if ((s=query_string) || (s=getenv("QUERY_STRING"))) {
for (tok=strtok(s,"&;");tok;tok=strtok(NULL,"&;")) {
- p = strchr(tok,'=');
+ p = strchr_m(tok,'=');
if (!p) continue;
*p = 0;
- variables[num_variables].name = strdup(tok);
- variables[num_variables].value = strdup(p+1);
+ variables[num_variables].name = SMB_STRDUP(tok);
+ variables[num_variables].value = SMB_STRDUP(p+1);
if (!variables[num_variables].name ||
!variables[num_variables].value)
continue;
- unescape(variables[num_variables].value);
- unescape(variables[num_variables].name);
+ plus_to_space_unescape(variables[num_variables].value);
+ rfc1738_unescape(variables[num_variables].value);
+ plus_to_space_unescape(variables[num_variables].name);
+ rfc1738_unescape(variables[num_variables].name);
#ifdef DEBUG_COMMENTS
printf("<!== Commandline var %s has value \"%s\" ==>\n",
#ifdef DEBUG_COMMENTS
printf("<!== End dump in cgi_load_variables() ==>\n");
#endif
+
+ /* variables from the client are in UTF-8 - convert them
+ to our internal unix charset before use */
+ for (i=0;i<num_variables;i++) {
+ pstring dest;
+
+ convert_string(CH_UTF8, CH_UNIX,
+ variables[i].name, -1,
+ dest, sizeof(dest), True);
+ free(variables[i].name);
+ variables[i].name = SMB_STRDUP(dest);
+
+ convert_string(CH_UTF8, CH_UNIX,
+ variables[i].value, -1,
+ dest, sizeof(dest), True);
+ free(variables[i].value);
+ variables[i].value = SMB_STRDUP(dest);
+ }
}
browser. Also doesn't allow for variables[] containing multiple variables
with the same name and the same or different values.
***************************************************************************/
-char *cgi_variable(char *name)
+
+const char *cgi_variable(const char *name)
{
int i;
return NULL;
}
+/***************************************************************************
+ Version of the above that can't return a NULL pointer.
+***************************************************************************/
+
+const char *cgi_variable_nonull(const char *name)
+{
+ const char *var = cgi_variable(name);
+ if (var) {
+ return var;
+ } else {
+ return "";
+ }
+}
+
/***************************************************************************
tell a browser about a fatal error in the http processing
***************************************************************************/
-static void cgi_setup_error(char *err, char *header, char *info)
+static void cgi_setup_error(const char *err, const char *header, const char *info)
{
if (!got_request) {
/* damn browsers don't like getting cut off before they give a request */
char line[1024];
while (fgets(line, sizeof(line)-1, stdin)) {
- if (strncasecmp(line,"GET ", 4)==0 ||
- strncasecmp(line,"POST ", 5)==0 ||
- strncasecmp(line,"PUT ", 4)==0) {
+ if (strnequal(line,"GET ", 4) ||
+ strnequal(line,"POST ", 5) ||
+ strnequal(line,"PUT ", 4)) {
break;
}
}
}
- printf("HTTP/1.0 %s\r\n%sConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>%s</H1>%s<p></BODY></HTML>\r\n\r\n", err, header, err, err, info);
+ d_printf("HTTP/1.0 %s\r\n%sConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>%s</H1>%s<p></BODY></HTML>\r\n\r\n", err, header, err, err, info);
fclose(stdin);
fclose(stdout);
exit(0);
exit(0);
}
-
/***************************************************************************
-decode a base64 string in-place - simple and slow algorithm
+authenticate when we are running as a CGI
***************************************************************************/
-static void base64_decode(char *s)
+static void cgi_web_auth(void)
{
- char *b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
- int bit_offset, byte_offset, idx, i, n;
- unsigned char *d = (unsigned char *)s;
- char *p;
+ const char *user = getenv("REMOTE_USER");
+ struct passwd *pwd;
+ const char *head = "Content-Type: text/html\r\n\r\n<HTML><BODY><H1>SWAT installation Error</H1>\n";
+ const char *tail = "</BODY></HTML>\r\n";
- n=i=0;
+ if (!user) {
+ printf("%sREMOTE_USER not set. Not authenticated by web server.<br>%s\n",
+ head, tail);
+ exit(0);
+ }
- while (*s && (p=strchr(b64,*s))) {
- idx = (int)(p - b64);
- byte_offset = (i*6)/8;
- bit_offset = (i*6)%8;
- d[byte_offset] &= ~((1<<(8-bit_offset))-1);
- if (bit_offset < 3) {
- d[byte_offset] |= (idx << (2-bit_offset));
- n = byte_offset+1;
- } else {
- d[byte_offset] |= (idx >> (bit_offset-2));
- d[byte_offset+1] = 0;
- d[byte_offset+1] |= (idx << (8-(bit_offset-2))) & 0xFF;
- n = byte_offset+2;
- }
- s++; i++;
+ pwd = getpwnam_alloc(NULL, user);
+ if (!pwd) {
+ printf("%sCannot find user %s<br>%s\n", head, user, tail);
+ exit(0);
}
- /* null terminate */
- d[n] = 0;
+
+ setuid(0);
+ setuid(pwd->pw_uid);
+ if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
+ printf("%sFailed to become user %s - uid=%d/%d<br>%s\n",
+ head, user, (int)geteuid(), (int)getuid(), tail);
+ exit(0);
+ }
+ TALLOC_FREE(pwd);
}
/***************************************************************************
handle a http authentication line
***************************************************************************/
-static BOOL cgi_handle_authorization(char *line)
+static bool cgi_handle_authorization(char *line)
{
- char *p, *user, *user_pass;
+ char *p;
+ fstring user, user_pass;
struct passwd *pass = NULL;
- BOOL ret = False;
- if (strncasecmp(line,"Basic ", 6)) {
- cgi_setup_error("401 Bad Authorization", "",
- "Only basic authorization is understood");
- return False;
+ if (!strnequal(line,"Basic ", 6)) {
+ goto err;
}
line += 6;
while (line[0] == ' ') line++;
- base64_decode(line);
- if (!(p=strchr(line,':'))) {
+ base64_decode_inplace(line);
+ if (!(p=strchr_m(line,':'))) {
/*
* Always give the same error so a cracker
* cannot tell why we fail.
*/
- cgi_setup_error("401 Bad Authorization", "",
- "username/password must be supplied");
- return False;
+ goto err;
}
*p = 0;
- user = line;
- user_pass = p+1;
+
+ convert_string(CH_UTF8, CH_UNIX,
+ line, -1,
+ user, sizeof(user), True);
+
+ convert_string(CH_UTF8, CH_UNIX,
+ p+1, -1,
+ user_pass, sizeof(user_pass), True);
/*
* Try and get the user from the UNIX password file.
*/
-
- if(!(pass = Get_Pwnam(user,False))) {
- /*
- * Always give the same error so a cracker
- * cannot tell why we fail.
- */
- cgi_setup_error("401 Bad Authorization", "",
- "username/password must be supplied");
- return False;
- }
-
+
+ pass = getpwnam_alloc(NULL, user);
+
/*
* Validate the password they have given.
*/
-
- if((ret = pass_check(user, user_pass, strlen(user_pass), NULL, NULL)) == True) {
-
- /*
- * Password was ok.
- */
-
- if(pass->pw_uid != 0) {
+
+ if NT_STATUS_IS_OK(pass_check(pass, user, user_pass,
+ strlen(user_pass), NULL, False)) {
+
+ if (pass) {
/*
- * We have not authenticated as root,
- * become the user *permanently*.
+ * Password was ok.
*/
+
+ if ( initgroups(pass->pw_name, pass->pw_gid) != 0 )
+ goto err;
+
become_user_permanently(pass->pw_uid, pass->pw_gid);
+
+ /* Save the users name */
+ C_user = SMB_STRDUP(user);
+ TALLOC_FREE(pass);
+ return True;
}
-
- /* Save the users name */
- C_user = strdup(user);
}
+
+err:
+ cgi_setup_error("401 Bad Authorization",
+ "WWW-Authenticate: Basic realm=\"SWAT\"\r\n",
+ "username or password incorrect");
- return ret;
+ TALLOC_FREE(pass);
+ return False;
}
/***************************************************************************
is this root?
***************************************************************************/
-BOOL am_root(void)
+bool am_root(void)
{
if (geteuid() == 0) {
return( True);
char buf[1024];
int fd, l, i;
char *p;
+ char *lang;
/* sanitise the filename */
for (i=0;file[i];i++) {
- if (!isalnum((int)file[i]) && !strchr("/.-_", file[i])) {
+ if (!isalnum((int)file[i]) && !strchr_m("/.-_", file[i])) {
cgi_setup_error("404 File Not Found","",
"Illegal character in filename");
}
}
- if (!file_exist(file, &st)) {
+ if (sys_stat(file, &st) != 0)
+ {
+ cgi_setup_error("404 File Not Found","",
+ "The requested file was not found");
+ }
+
+ if (S_ISDIR(st.st_mode))
+ {
+ snprintf(buf, sizeof(buf), "%s/index.html", file);
+ if (!file_exist(buf, &st) || !S_ISREG(st.st_mode))
+ {
+ cgi_setup_error("404 File Not Found","",
+ "The requested file was not found");
+ }
+ }
+ else if (S_ISREG(st.st_mode))
+ {
+ snprintf(buf, sizeof(buf), "%s", file);
+ }
+ else
+ {
cgi_setup_error("404 File Not Found","",
"The requested file was not found");
}
- fd = sys_open(file,O_RDONLY,0);
+
+ fd = web_open(buf,O_RDONLY,0);
if (fd == -1) {
cgi_setup_error("404 File Not Found","",
"The requested file was not found");
}
printf("HTTP/1.0 200 OK\r\n");
- if ((p=strrchr(file,'.'))) {
+ if ((p=strrchr_m(buf, '.'))) {
if (strcmp(p,".gif")==0) {
printf("Content-Type: image/gif\r\n");
} else if (strcmp(p,".jpg")==0) {
printf("Content-Type: image/jpeg\r\n");
+ } else if (strcmp(p,".png")==0) {
+ printf("Content-Type: image/png\r\n");
+ } else if (strcmp(p,".css")==0) {
+ printf("Content-Type: text/css\r\n");
+ } else if (strcmp(p,".txt")==0) {
+ printf("Content-Type: text/plain\r\n");
} else {
printf("Content-Type: text/html\r\n");
}
}
printf("Expires: %s\r\n", http_timestring(time(NULL)+EXPIRY_TIME));
+ lang = lang_tdb_current();
+ if (lang) {
+ printf("Content-Language: %s\r\n", lang);
+ }
+
printf("Content-Length: %d\r\n\r\n", (int)st.st_size);
while ((l=read(fd,buf,sizeof(buf)))>0) {
fwrite(buf, 1, l, stdout);
}
-/***************************************************************************
-setup the cgi framework, handling the possability that this program is either
-run as a true cgi program by a web browser or is itself a mini web server
- ***************************************************************************/
-void cgi_setup(char *rootdir, int auth_required)
+
+
+/**
+ * @brief Setup the CGI framework.
+ *
+ * Setup the cgi framework, handling the possibility that this program
+ * is either run as a true CGI program with a gateway to a web server, or
+ * is itself a mini web server.
+ **/
+void cgi_setup(const char *rootdir, int auth_required)
{
- BOOL authenticated = False;
+ bool authenticated = False;
char line[1024];
char *url=NULL;
char *p;
-#if CGI_LOGGING
- FILE *f;
-#endif
+ char *lang;
if (chdir(rootdir)) {
- cgi_setup_error("400 Server Error", "",
+ cgi_setup_error("500 Server Error", "",
"chdir failed - the server is not configured correctly");
}
+ /* Handle the possibility we might be running as non-root */
+ sec_init();
+
+ if ((lang=getenv("HTTP_ACCEPT_LANGUAGE"))) {
+ /* if running as a cgi program */
+ web_set_lang(lang);
+ }
+
/* maybe we are running under a web server */
if (getenv("CONTENT_LENGTH") || getenv("REQUEST_METHOD")) {
if (auth_required) {
- cgi_auth_error();
+ cgi_web_auth();
}
return;
}
inetd_server = True;
if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) {
- cgi_setup_error("400 Server Error", "",
+ cgi_setup_error("403 Forbidden", "",
"Samba is configured to deny access from this client\n<br>Check your \"hosts allow\" and \"hosts deny\" options in smb.conf ");
}
-#if CGI_LOGGING
- f = sys_fopen("/tmp/cgi.log", "a");
- if (f) fprintf(f,"\n[Date: %s %s (%s)]\n",
- http_timestring(time(NULL)),
- client_name(1), client_addr(1));
-#endif
-
/* we are a mini-web server. We need to read the request from stdin
and handle authentication etc */
while (fgets(line, sizeof(line)-1, stdin)) {
-#if CGI_LOGGING
- if (f) fputs(line, f);
-#endif
if (line[0] == '\r' || line[0] == '\n') break;
- if (strncasecmp(line,"GET ", 4)==0) {
+ if (strnequal(line,"GET ", 4)) {
got_request = True;
- url = strdup(&line[4]);
- } else if (strncasecmp(line,"POST ", 5)==0) {
+ url = SMB_STRDUP(&line[4]);
+ } else if (strnequal(line,"POST ", 5)) {
got_request = True;
request_post = 1;
- url = strdup(&line[5]);
- } else if (strncasecmp(line,"PUT ", 4)==0) {
+ url = SMB_STRDUP(&line[5]);
+ } else if (strnequal(line,"PUT ", 4)) {
got_request = True;
cgi_setup_error("400 Bad Request", "",
"This server does not accept PUT requests");
- } else if (strncasecmp(line,"Authorization: ", 15)==0) {
+ } else if (strnequal(line,"Authorization: ", 15)) {
authenticated = cgi_handle_authorization(&line[15]);
- } else if (strncasecmp(line,"Content-Length: ", 16)==0) {
+ } else if (strnequal(line,"Content-Length: ", 16)) {
content_length = atoi(&line[16]);
+ } else if (strnequal(line,"Accept-Language: ", 17)) {
+ web_set_lang(&line[17]);
}
/* ignore all other requests! */
}
-#if CGI_LOGGING
- if (f) fclose(f);
-#endif
if (auth_required && !authenticated) {
cgi_auth_error();
}
/* trim the URL */
- if ((p = strchr(url,' ')) || (p=strchr(url,'\t'))) {
+ if ((p = strchr_m(url,' ')) || (p=strchr_m(url,'\t'))) {
*p = 0;
}
- while (*url && strchr("\r\n",url[strlen(url)-1])) {
+ while (*url && strchr_m("\r\n",url[strlen(url)-1])) {
url[strlen(url)-1] = 0;
}
/* anything following a ? in the URL is part of the query string */
- if ((p=strchr(url,'?'))) {
+ if ((p=strchr_m(url,'?'))) {
query_string = p+1;
*p = 0;
}
string_sub(url, "/swat/", "", 0);
- if (url[0] != '/' && strstr(url,"..")==0 && file_exist(url, NULL)) {
+ if (url[0] != '/' && strstr(url,"..")==0) {
cgi_download(url);
}
/***************************************************************************
return the current pages URL
***************************************************************************/
-char *cgi_baseurl(void)
+const char *cgi_baseurl(void)
{
if (inetd_server) {
return baseurl;
/***************************************************************************
return the current pages path info
***************************************************************************/
-char *cgi_pathinfo(void)
+const char *cgi_pathinfo(void)
{
char *r;
if (inetd_server) {
/***************************************************************************
return the hostname of the client
***************************************************************************/
-char *cgi_remote_host(void)
+const char *cgi_remote_host(void)
{
if (inetd_server) {
- return client_name(1);
+ return get_peer_name(1,False);
}
return getenv("REMOTE_HOST");
}
/***************************************************************************
return the hostname of the client
***************************************************************************/
-char *cgi_remote_addr(void)
+const char *cgi_remote_addr(void)
{
if (inetd_server) {
- return client_addr(1);
+ return get_peer_addr(1);
}
return getenv("REMOTE_ADDR");
}
/***************************************************************************
return True if the request was a POST
***************************************************************************/
-BOOL cgi_waspost(void)
+bool cgi_waspost(void)
{
if (inetd_server) {
return request_post;