Context Navigation

← Previous Revision
Next Revision →
Normal
Revision Log

cgi.c

Visit:

Last change on this file was 774, checked in by Herwig Bauernfeind, 12 years ago
Samba Server 3.5: Update branch to 3.5.21
File size: 19.2 KB

Rev	Line
[596]	1	/*
	2	some simple CGI helper routines
	3	Copyright (C) Andrew Tridgell 1997-1998
	4
	5	This program is free software; you can redistribute it and/or modify
	6	it under the terms of the GNU General Public License as published by
	7	the Free Software Foundation; either version 3 of the License, or
	8	(at your option) any later version.
	9
	10	This program is distributed in the hope that it will be useful,
	11	but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	13	GNU General Public License for more details.
	14
	15	You should have received a copy of the GNU General Public License
	16	along with this program. If not, see <http://www.gnu.org/licenses/>.
	17	*/
[454]	18
[596]	19
	20	#include "includes.h"
	21	#include "web/swat_proto.h"
[617]	22	#include "secrets.h"
	23	#include "../lib/util/util.h"
[596]	24
	25	#define MAX_VARIABLES 10000
	26
	27	/* set the expiry on fixed pages */
	28	#define EXPIRY_TIME (606024*7)
	29
	30	#ifdef DEBUG_COMMENTS
	31	extern void print_title(char *fmt, ...);
	32	#endif
	33
	34	struct cgi_var {
	35	char *name;
	36	char *value;
	37	};
	38
	39	static struct cgi_var variables[MAX_VARIABLES];
	40	static int num_variables;
	41	static int content_length;
	42	static int request_post;
	43	static char *query_string;
	44	static const char *baseurl;
	45	static char *pathinfo;
	46	static char *C_user;
[617]	47	static char *C_pass;
[774]	48	static char *C_nonce;
[596]	49	static bool inetd_server;
	50	static bool got_request;
	51
	52	static char grab_line(FILE f, int *cl)
	53	{
	54	char *ret = NULL;
	55	int i = 0;
	56	int len = 0;
	57
	58	while ((*cl)) {
	59	int c;
	60
	61	if (i == len) {
	62	char *ret2;
	63	if (len == 0) len = 1024;
	64	else len *= 2;
	65	ret2 = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR(ret, len);
	66	if (!ret2) return ret;
	67	ret = ret2;
	68	}
	69
	70	c = fgetc(f);
	71	(*cl)--;
	72
	73	if (c == EOF) {
	74	(*cl) = 0;
	75	break;
	76	}
	77
	78	if (c == '\r') continue;
	79
	80	if (strchr_m("\n&", c)) break;
	81
	82	ret[i++] = c;
	83
	84	}
	85
	86	if (ret) {
	87	ret[i] = 0;
	88	}
	89	return ret;
	90	}
	91
	92	/**
	93	URL encoded strings can have a '+', which should be replaced with a space
	94
	95	(This was in rfc1738_unescape(), but that broke the squid helper)
	96	**/
	97
	98	static void plus_to_space_unescape(char *buf)
	99	{
	100	char *p=buf;
	101
	102	while ((p=strchr_m(p,'+')))
	103	*p = ' ';
	104	}
	105
	106	/***************************************************************************
	107	load all the variables passed to the CGI program. May have multiple variables
	108	with the same name and the same or different values. Takes a file parameter
	109	for simulating CGI invocation eg loading saved preferences.
	110	***************************************************************************/
	111	void cgi_load_variables(void)
	112	{
	113	static char *line;
	114	char p, s, *tok;
	115	int len, i;
	116	FILE *f = stdin;
	117
	118	#ifdef DEBUG_COMMENTS
	119	char dummy[100]="";
	120	print_title(dummy);
	121	d_printf("<!== Start dump in cgi_load_variables() %s ==>\n",__FILE__);
	122	#endif
	123
	124	if (!content_length) {
	125	p = getenv("CONTENT_LENGTH");
	126	len = p?atoi(p):0;
	127	} else {
	128	len = content_length;
	129	}
	130
	131
	132	if (len > 0 &&
	133	(request_post \|\|
	134	((s=getenv("REQUEST_METHOD")) &&
	135	strequal(s,"POST")))) {
	136	while (len && (line=grab_line(f, &len))) {
	137	p = strchr_m(line,'=');
	138	if (!p) continue;
	139
	140	*p = 0;
	141
	142	variables[num_variables].name = SMB_STRDUP(line);
	143	variables[num_variables].value = SMB_STRDUP(p+1);
	144
	145	SAFE_FREE(line);
	146
	147	if (!variables[num_variables].name \|\|
	148	!variables[num_variables].value)
	149	continue;
	150
	151	plus_to_space_unescape(variables[num_variables].value);
	152	rfc1738_unescape(variables[num_variables].value);
	153	plus_to_space_unescape(variables[num_variables].name);
	154	rfc1738_unescape(variables[num_variables].name);
	155
	156	#ifdef DEBUG_COMMENTS
	157	printf("<!== POST var %s has value \"%s\" ==>\n",
	158	variables[num_variables].name,
	159	variables[num_variables].value);
	160	#endif
	161
	162	num_variables++;
	163	if (num_variables == MAX_VARIABLES) break;
	164	}
	165	}
	166
	167	fclose(stdin);
	168	open("/dev/null", O_RDWR);
	169
	170	if ((s=query_string) \|\| (s=getenv("QUERY_STRING"))) {
	171	char *saveptr;
	172	for (tok=strtok_r(s, "&;", &saveptr); tok;
	173	tok=strtok_r(NULL, "&;", &saveptr)) {
	174	p = strchr_m(tok,'=');
	175	if (!p) continue;
	176
	177	*p = 0;
	178
	179	variables[num_variables].name = SMB_STRDUP(tok);
	180	variables[num_variables].value = SMB_STRDUP(p+1);
	181
	182	if (!variables[num_variables].name \|\|
	183	!variables[num_variables].value)
	184	continue;
	185
	186	plus_to_space_unescape(variables[num_variables].value);
	187	rfc1738_unescape(variables[num_variables].value);
	188	plus_to_space_unescape(variables[num_variables].name);
	189	rfc1738_unescape(variables[num_variables].name);
	190
	191	#ifdef DEBUG_COMMENTS
	192	printf("<!== Commandline var %s has value \"%s\" ==>\n",
	193	variables[num_variables].name,
	194	variables[num_variables].value);
	195	#endif
	196	num_variables++;
	197	if (num_variables == MAX_VARIABLES) break;
	198	}
	199
	200	}
	201	#ifdef DEBUG_COMMENTS
	202	printf("<!== End dump in cgi_load_variables() ==>\n");
	203	#endif
	204
	205	/* variables from the client are in UTF-8 - convert them
	206	to our internal unix charset before use */
	207	for (i=0;i<num_variables;i++) {
	208	TALLOC_CTX *frame = talloc_stackframe();
	209	char *dest = NULL;
	210	size_t dest_len;
	211
	212	convert_string_talloc(frame, CH_UTF8, CH_UNIX,
	213	variables[i].name, strlen(variables[i].name),
	214	&dest, &dest_len, True);
	215	SAFE_FREE(variables[i].name);
	216	variables[i].name = SMB_STRDUP(dest ? dest : "");
	217
	218	dest = NULL;
	219	convert_string_talloc(frame, CH_UTF8, CH_UNIX,
	220	variables[i].value, strlen(variables[i].value),
	221	&dest, &dest_len, True);
	222	SAFE_FREE(variables[i].value);
	223	variables[i].value = SMB_STRDUP(dest ? dest : "");
	224	TALLOC_FREE(frame);
	225	}
	226	}
	227
	228
	229	/***************************************************************************
	230	find a variable passed via CGI
	231	Doesn't quite do what you think in the case of POST text variables, because
	232	if they exist they might have a value of "" or even " ", depending on the
	233	browser. Also doesn't allow for variables[] containing multiple variables
	234	with the same name and the same or different values.
	235	***************************************************************************/
	236
	237	const char cgi_variable(const char name)
	238	{
	239	int i;
	240
	241	for (i=0;i<num_variables;i++)
	242	if (strcmp(variables[i].name, name) == 0)
	243	return variables[i].value;
	244	return NULL;
	245	}
	246
	247	/***************************************************************************
	248	Version of the above that can't return a NULL pointer.
	249	***************************************************************************/
	250
	251	const char cgi_variable_nonull(const char name)
	252	{
	253	const char *var = cgi_variable(name);
	254	if (var) {
	255	return var;
	256	} else {
	257	return "";
	258	}
	259	}
	260
	261	/***************************************************************************
	262	tell a browser about a fatal error in the http processing
	263	***************************************************************************/
	264	static void cgi_setup_error(const char err, const char header, const char *info)
	265	{
	266	if (!got_request) {
	267	/* damn browsers don't like getting cut off before they give a request */
	268	char line[1024];
	269	while (fgets(line, sizeof(line)-1, stdin)) {
	270	if (strnequal(line,"GET ", 4) \|\|
	271	strnequal(line,"POST ", 5) \|\|
	272	strnequal(line,"PUT ", 4)) {
	273	break;
	274	}
	275	}
	276	}
	277
	278	d_printf("HTTP/1.0 %s\r\n%sConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>%s</H1>%s<p></BODY></HTML>\r\n\r\n", err, header, err, err, info);
	279	fclose(stdin);
	280	fclose(stdout);
	281	exit(0);
	282	}
	283
	284
	285	/***************************************************************************
	286	tell a browser about a fatal authentication error
	287	***************************************************************************/
	288	static void cgi_auth_error(void)
	289	{
	290	if (inetd_server) {
	291	cgi_setup_error("401 Authorization Required",
	292	"WWW-Authenticate: Basic realm=\"SWAT\"\r\n",
	293	"You must be authenticated to use this service");
	294	} else {
	295	printf("Content-Type: text/html\r\n");
	296
	297	printf("\r\n<HTML><HEAD><TITLE>SWAT</TITLE></HEAD>\n");
	298	printf("<BODY><H1>Installation Error</H1>\n");
	299	printf("SWAT must be installed via inetd. It cannot be run as a CGI script<p>\n");
	300	printf("</BODY></HTML>\r\n");
	301	}
	302	exit(0);
	303	}
	304
	305	/***************************************************************************
	306	authenticate when we are running as a CGI
	307	***************************************************************************/
	308	static void cgi_web_auth(void)
	309	{
	310	const char *user = getenv("REMOTE_USER");
	311	struct passwd *pwd;
	312	const char *head = "Content-Type: text/html\r\n\r\n<HTML><BODY><H1>SWAT installation Error</H1>\n";
	313	const char *tail = "</BODY></HTML>\r\n";
	314
	315	if (!user) {
	316	printf("%sREMOTE_USER not set. Not authenticated by web server.<br>%s\n",
	317	head, tail);
	318	exit(0);
	319	}
	320
	321	#ifndef __OS2__
	322	pwd = Get_Pwnam_alloc(talloc_autofree_context(), user);
	323
	324	if (!pwd) {
	325	printf("%sCannot find user %s<br>%s\n", head, user, tail);
	326	exit(0);
	327	}
	328
[617]	329	C_user = SMB_STRDUP(user);
	330
	331	if (!setuid(0)) {
[774]	332	C_pass = SMB_STRDUP(cgi_nonce());
[617]	333	}
[596]	334	setuid(pwd->pw_uid);
	335	if (geteuid() != pwd->pw_uid \|\| getuid() != pwd->pw_uid) {
	336	printf("%sFailed to become user %s - uid=%d/%d<br>%s\n",
	337	head, user, (int)geteuid(), (int)getuid(), tail);
	338	exit(0);
	339	}
[454]	340	TALLOC_FREE(pwd);
[596]	341	#endif
	342	}
	343
	344
	345	/***************************************************************************
	346	handle a http authentication line
	347	***************************************************************************/
	348	static bool cgi_handle_authorization(char *line)
	349	{
	350	char *p;
	351	fstring user, user_pass;
	352	struct passwd *pass = NULL;
	353
	354	if (!strnequal(line,"Basic ", 6)) {
	355	goto err;
	356	}
	357	line += 6;
	358	while (line[0] == ' ') line++;
	359	base64_decode_inplace(line);
	360	if (!(p=strchr_m(line,':'))) {
	361	/*
	362	* Always give the same error so a cracker
	363	* cannot tell why we fail.
	364	*/
	365	goto err;
	366	}
	367	*p = 0;
	368
	369	convert_string(CH_UTF8, CH_UNIX,
	370	line, -1,
	371	user, sizeof(user), True);
	372
	373	convert_string(CH_UTF8, CH_UNIX,
	374	p+1, -1,
	375	user_pass, sizeof(user_pass), True);
	376
	377	/*
	378	* Try and get the user from the UNIX password file.
	379	*/
	380
	381	pass = Get_Pwnam_alloc(talloc_autofree_context(), user);
	382
	383	/*
	384	* Validate the password they have given.
	385	*/
	386
	387	if NT_STATUS_IS_OK(pass_check(pass, user, user_pass,
	388	strlen(user_pass), NULL, False)) {
	389
	390	if (pass) {
	391	/*
	392	* Password was ok.
	393	*/
	394
	395	if ( initgroups(pass->pw_name, pass->pw_gid) != 0 )
	396	goto err;
	397
	398	become_user_permanently(pass->pw_uid, pass->pw_gid);
	399
	400	/* Save the users name */
	401	C_user = SMB_STRDUP(user);
[617]	402	C_pass = SMB_STRDUP(user_pass);
[596]	403	TALLOC_FREE(pass);
	404	return True;
	405	}
	406	}
	407
	408	err:
	409	cgi_setup_error("401 Bad Authorization",
	410	"WWW-Authenticate: Basic realm=\"SWAT\"\r\n",
	411	"username or password incorrect");
	412
	413	TALLOC_FREE(pass);
	414	return False;
	415	}
	416
	417	/***************************************************************************
	418	is this root?
	419	***************************************************************************/
	420	bool am_root(void)
	421	{
	422	if (geteuid() == 0) {
	423	return( True);
	424	} else {
	425	return( False);
	426	}
	427	}
	428
	429	/***************************************************************************
	430	return a ptr to the users name
	431	***************************************************************************/
	432	char *cgi_user_name(void)
	433	{
	434	return(C_user);
	435	}
	436
[617]	437	/***************************************************************************
	438	return a ptr to the users password
	439	***************************************************************************/
	440	char *cgi_user_pass(void)
	441	{
	442	return(C_pass);
	443	}
[596]	444
	445	/***************************************************************************
[774]	446	return a ptr to the nonce
	447	***************************************************************************/
	448	char *cgi_nonce(void)
	449	{
	450	const char *head = "Content-Type: text/html\r\n\r\n<HTML><BODY><H1>SWAT installation Error</H1>\n";
	451	const char *tail = "</BODY></HTML>\r\n";
	452	C_nonce = secrets_fetch_generic("root", "SWAT");
	453	if (C_nonce == NULL) {
	454	char *tmp_pass = NULL;
	455	tmp_pass = generate_random_str(talloc_tos(), 16);
	456	if (tmp_pass == NULL) {
	457	printf("%sFailed to create random nonce for "
	458	"SWAT session\n<br>%s\n", head, tail);
	459	exit(0);
	460	}
	461	secrets_store_generic("root", "SWAT", tmp_pass);
	462	C_nonce = SMB_STRDUP(tmp_pass);
	463	TALLOC_FREE(tmp_pass);
	464	}
	465	return(C_nonce);
	466	}
	467
	468
	469	/***************************************************************************
[596]	470	handle a file download
	471	***************************************************************************/
	472	static void cgi_download(char *file)
	473	{
	474	SMB_STRUCT_STAT st;
	475	char buf[1024];
	476	int fd, l, i;
	477	char *p;
	478	char *lang;
	479
	480	/* sanitise the filename */
	481	for (i=0;file[i];i++) {
	482	if (!isalnum((int)file[i]) && !strchr_m("/.-_", file[i])) {
	483	cgi_setup_error("404 File Not Found","",
	484	"Illegal character in filename");
	485	}
	486	}
	487
	488	if (sys_stat(file, &st, false) != 0) {
	489	cgi_setup_error("404 File Not Found","",
	490	"The requested file was not found");
	491	}
	492
	493	if (S_ISDIR(st.st_ex_mode))
	494	{
	495	snprintf(buf, sizeof(buf), "%s/index.html", file);
	496	if (!file_exist_stat(buf, &st, false)
	497	\|\| !S_ISREG(st.st_ex_mode))
	498	{
	499	cgi_setup_error("404 File Not Found","",
	500	"The requested file was not found");
	501	}
	502	}
	503	else if (S_ISREG(st.st_ex_mode))
	504	{
	505	snprintf(buf, sizeof(buf), "%s", file);
	506	}
	507	else
	508	{
	509	cgi_setup_error("404 File Not Found","",
	510	"The requested file was not found");
	511	}
	512
	513	fd = web_open(buf,O_RDONLY,0);
	514	if (fd == -1) {
	515	cgi_setup_error("404 File Not Found","",
	516	"The requested file was not found");
	517	}
	518	printf("HTTP/1.0 200 OK\r\n");
	519	if ((p=strrchr_m(buf, '.'))) {
	520	if (strcmp(p,".gif")==0) {
	521	printf("Content-Type: image/gif\r\n");
	522	} else if (strcmp(p,".jpg")==0) {
	523	printf("Content-Type: image/jpeg\r\n");
	524	} else if (strcmp(p,".png")==0) {
	525	printf("Content-Type: image/png\r\n");
	526	} else if (strcmp(p,".css")==0) {
	527	printf("Content-Type: text/css\r\n");
	528	} else if (strcmp(p,".txt")==0) {
	529	printf("Content-Type: text/plain\r\n");
	530	} else {
	531	printf("Content-Type: text/html\r\n");
	532	}
	533	}
	534	printf("Expires: %s\r\n",
	535	http_timestring(talloc_tos(), time(NULL)+EXPIRY_TIME));
	536
	537	lang = lang_tdb_current();
	538	if (lang) {
	539	printf("Content-Language: %s\r\n", lang);
	540	}
	541
	542	printf("Content-Length: %d\r\n\r\n", (int)st.st_ex_size);
	543	while ((l=read(fd,buf,sizeof(buf)))>0) {
	544	if (fwrite(buf, 1, l, stdout) != l) {
	545	break;
	546	}
	547	}
	548	close(fd);
	549	exit(0);
	550	}
	551
	552
	553
	554
	555	/**
	556	* @brief Setup the CGI framework.
	557	*
	558	* Setup the cgi framework, handling the possibility that this program
	559	* is either run as a true CGI program with a gateway to a web server, or
	560	* is itself a mini web server.
	561	**/
	562	void cgi_setup(const char *rootdir, int auth_required)
	563	{
	564	bool authenticated = False;
	565	char line[1024];
	566	char *url=NULL;
	567	char *p;
	568	char *lang;
	569
	570	if (chdir(rootdir)) {
	571	cgi_setup_error("500 Server Error", "",
	572	"chdir failed - the server is not configured correctly");
	573	}
	574
	575	/* Handle the possibility we might be running as non-root */
	576	sec_init();
	577
	578	if ((lang=getenv("HTTP_ACCEPT_LANGUAGE"))) {
	579	/* if running as a cgi program */
	580	web_set_lang(lang);
	581	}
	582
	583	/* maybe we are running under a web server */
	584	if (getenv("CONTENT_LENGTH") \|\| getenv("REQUEST_METHOD")) {
	585	if (auth_required) {
	586	cgi_web_auth();
	587	}
	588	return;
	589	}
	590
	591	inetd_server = True;
	592
	593	if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) {
	594	cgi_setup_error("403 Forbidden", "",
	595	"Samba is configured to deny access from this client\n<br>Check your \"hosts allow\" and \"hosts deny\" options in smb.conf ");
	596	}
	597
	598	/* we are a mini-web server. We need to read the request from stdin
	599	and handle authentication etc */
	600	while (fgets(line, sizeof(line)-1, stdin)) {
	601	if (line[0] == '\r' \|\| line[0] == '\n') break;
	602	if (strnequal(line,"GET ", 4)) {
	603	got_request = True;
	604	url = SMB_STRDUP(&line[4]);
	605	} else if (strnequal(line,"POST ", 5)) {
	606	got_request = True;
	607	request_post = 1;
	608	url = SMB_STRDUP(&line[5]);
	609	} else if (strnequal(line,"PUT ", 4)) {
	610	got_request = True;
	611	cgi_setup_error("400 Bad Request", "",
	612	"This server does not accept PUT requests");
	613	} else if (strnequal(line,"Authorization: ", 15)) {
	614	authenticated = cgi_handle_authorization(&line[15]);
	615	} else if (strnequal(line,"Content-Length: ", 16)) {
	616	content_length = atoi(&line[16]);
	617	} else if (strnequal(line,"Accept-Language: ", 17)) {
	618	web_set_lang(&line[17]);
	619	}
	620	/* ignore all other requests! */
	621	}
	622
	623	if (auth_required && !authenticated) {
	624	cgi_auth_error();
	625	}
	626
	627	if (!url) {
	628	cgi_setup_error("400 Bad Request", "",
	629	"You must specify a GET or POST request");
	630	}
	631
	632	/* trim the URL */
	633	if ((p = strchr_m(url,' ')) \|\| (p=strchr_m(url,'\t'))) {
	634	*p = 0;
	635	}
	636	while (*url && strchr_m("\r\n",url[strlen(url)-1])) {
	637	url[strlen(url)-1] = 0;
	638	}
	639
	640	/* anything following a ? in the URL is part of the query string */
	641	if ((p=strchr_m(url,'?'))) {
	642	query_string = p+1;
	643	*p = 0;
	644	}
	645
	646	string_sub(url, "/swat/", "", 0);
	647
	648	if (url[0] != '/' && strstr(url,"..")==0) {
	649	cgi_download(url);
	650	}
	651
	652	printf("HTTP/1.0 200 OK\r\nConnection: close\r\n");
	653	printf("Date: %s\r\n", http_timestring(talloc_tos(), time(NULL)));
	654	baseurl = "";
	655	pathinfo = url+1;
	656	}
	657
	658
	659	/***************************************************************************
	660	return the current pages URL
	661	***************************************************************************/
	662	const char *cgi_baseurl(void)
	663	{
	664	if (inetd_server) {
	665	return baseurl;
	666	}
	667	return getenv("SCRIPT_NAME");
	668	}
	669
	670	/***************************************************************************
	671	return the current pages path info
	672	***************************************************************************/
	673	const char *cgi_pathinfo(void)
	674	{
	675	char *r;
	676	if (inetd_server) {
	677	return pathinfo;
	678	}
	679	r = getenv("PATH_INFO");
	680	if (!r) return "";
	681	if (*r == '/') r++;
	682	return r;
	683	}
	684
	685	/***************************************************************************
	686	return the hostname of the client
	687	***************************************************************************/
	688	const char *cgi_remote_host(void)
	689	{
	690	if (inetd_server) {
	691	return get_peer_name(1,False);
	692	}
	693	return getenv("REMOTE_HOST");
	694	}
	695
	696	/***************************************************************************
	697	return the hostname of the client
	698	***************************************************************************/
	699	const char *cgi_remote_addr(void)
	700	{
	701	if (inetd_server) {
	702	char addr[INET6_ADDRSTRLEN];
	703	get_peer_addr(1,addr,sizeof(addr));
	704	return talloc_strdup(talloc_tos(), addr);
	705	}
	706	return getenv("REMOTE_ADDR");
	707	}
	708
	709
	710	/***************************************************************************
	711	return True if the request was a POST
	712	***************************************************************************/
	713	bool cgi_waspost(void)
	714	{
	715	if (inetd_server) {
	716	return request_post;
	717	}
	718	return strequal(getenv("REQUEST_METHOD"), "POST");
	719	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: branches/samba-3.5.x/source3/web/cgi.c

Download in other formats: