cgi.c

来自「samba-3.0.22.tar.gz 编译smb服务器的源码」· C语言 代码 · 共 651 行 · 第 1/2 页

	base64_decode_inplace(line);	if (!(p=strchr_m(line,':'))) {		/*		 * Always give the same error so a cracker		 * cannot tell why we fail.		 */		goto err;	}	*p = 0;	convert_string(CH_UTF8, CH_UNIX, 		       line, -1, 		       user, sizeof(user), True);	convert_string(CH_UTF8, CH_UNIX, 		       p+1, -1, 		       user_pass, sizeof(user_pass), True);	/*	 * Try and get the user from the UNIX password file.	 */		pass = getpwnam_alloc(user);		/*	 * Validate the password they have given.	 */		if NT_STATUS_IS_OK(pass_check(pass, user, user_pass, 		      strlen(user_pass), NULL, False)) {				if (pass) {			/*			 * Password was ok.			 */						if ( initgroups(pass->pw_name, pass->pw_gid) != 0 )				goto err;			become_user_permanently(pass->pw_uid, pass->pw_gid);						/* Save the users name */			C_user = SMB_STRDUP(user);			passwd_free(&pass);			return True;		}	}	err:	cgi_setup_error("401 Bad Authorization", 			"WWW-Authenticate: Basic realm=\"SWAT\"\r\n",			"username or password incorrect");	passwd_free(&pass);	return False;}/***************************************************************************is this root?  
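***************************************************************************/
BOOL am_root(void)
{
	/* Only the effective uid is consulted; the real uid is not checked. */
	if (geteuid() == 0) {
		return True;
	}
	return False;
}

/***************************************************************************
return a ptr to the users name

Returns the C_user pointer itself, not a copy.
NOTE(review): presumably NULL until an Authorization header has been
accepted - confirm at the definition of C_user.
***************************************************************************/
char *cgi_user_name(void)
{
	return C_user;
}

/***************************************************************************
handle a file download

Writes one static file to stdout as an HTTP/1.0 response and then calls
exit(0); this function does not return to its caller.

file: path taken from the request URL by cgi_setup(), which has already
      called chdir(rootdir), so the path is resolved below that directory.

Checks made here:
  - every character must be alphanumeric or one of "/.-_" (so '%', '\\'
    and whitespace are all rejected)
  - the path must stat as a regular file, or as a directory holding a
    regular index.html
A leading '/' and any ".." are NOT rejected here; cgi_setup() does that
before calling, and any new caller has to do the same.

NOTE(review): the error paths rely on cgi_setup_error() not returning -
confirm that it exits.
***************************************************************************/
static void cgi_download(char *file)
{
	SMB_STRUCT_STAT st;
	char buf[1024];
	int fd, l, i;
	char *p;
	char *lang;

	/* sanitise the filename */
	for (i=0;file[i];i++) {
		/*
		 * isalnum() is only defined for EOF and values representable
		 * as unsigned char; a plain (int) cast of a byte >= 0x80 is
		 * negative where char is signed, so cast through unsigned char.
		 */
		if (!isalnum((unsigned char)file[i]) && !strchr_m("/.-_", file[i])) {
			cgi_setup_error("404 File Not Found","",
					"Illegal character in filename");
		}
	}

	if (sys_stat(file, &st) != 0) {
		cgi_setup_error("404 File Not Found","",
				"The requested file was not found");
	}

	/*
	 * NOTE(review): both snprintf() calls below can truncate a path
	 * close to sizeof(buf); the truncated name is then looked up as-is.
	 */
	if (S_ISDIR(st.st_mode)) {
		/* A directory is served through its index.html; st is refreshed. */
		snprintf(buf, sizeof(buf), "%s/index.html", file);
		if (!file_exist(buf, &st) || !S_ISREG(st.st_mode)) {
			cgi_setup_error("404 File Not Found","",
					"The requested file was not found");
		}
	} else if (S_ISREG(st.st_mode)) {
		snprintf(buf, sizeof(buf), "%s", file);
	} else {
		/* Devices, FIFOs, sockets and the like are never served. */
		cgi_setup_error("404 File Not Found","",
				"The requested file was not found");
	}

	fd = web_open(buf,O_RDONLY,0);
	if (fd == -1) {
		cgi_setup_error("404 File Not Found","",
				"The requested file was not found");
	}
	printf("HTTP/1.0 200 OK\r\n");

	/* Content-Type is chosen from the extension; no '.' means no header. */
	if ((p=strrchr_m(buf, '.'))) {
		if (strcmp(p,".gif")==0) {
			printf("Content-Type: image/gif\r\n");
		} else if (strcmp(p,".jpg")==0) {
			printf("Content-Type: image/jpeg\r\n");
		} else if (strcmp(p,".png")==0) {
			printf("Content-Type: image/png\r\n");
		} else if (strcmp(p,".css")==0) {
			printf("Content-Type: text/css\r\n");
		} else if (strcmp(p,".txt")==0) {
			printf("Content-Type: text/plain\r\n");
		} else {
			printf("Content-Type: text/html\r\n");
		}
	}
	printf("Expires: %s\r\n", http_timestring(time(NULL)+EXPIRY_TIME));

	lang = lang_tdb_current();
	if (lang) {
		printf("Content-Language: %s\r\n", lang);
	}

	/*
	 * NOTE(review): the length comes from the stat of the path, not from
	 * the descriptor web_open() returned, and is narrowed to int. If
	 * web_open() can resolve to a different file, or the file changes
	 * between the two calls, the header will not match the body - confirm.
	 */
	printf("Content-Length: %d\r\n\r\n", (int)st.st_size);

	/* buf is reused as the copy buffer; the path in it is no longer needed. */
	while ((l=read(fd,buf,sizeof(buf)))>0) {
		fwrite(buf, 1, l, stdout);
	}
	close(fd);
	exit(0);
}

/**
 * @brief Setup the CGI framework.
 *
 * Setup the cgi framework, handling the possibility that this program
 * is either run as a true CGI program with a gateway to a web server, or
 * is itself a mini web server.
 *
 * The mode is chosen from the environment: if CONTENT_LENGTH or
 * REQUEST_METHOD is set the program assumes a gateway and, when
 * auth_required is non-zero, calls cgi_web_auth() before returning.
 * Otherwise it reads an HTTP request from stdin, applies the
 * hosts allow / hosts deny check, handles the Authorization header and
 * either serves a static file (which exits the process) or starts the
 * response headers and records the path in pathinfo.
 *
 * @param rootdir        directory to chdir() into before anything else
 * @param auth_required  non-zero if the request must be authenticated
 *
 * NOTE(review): every error path relies on cgi_setup_error() and
 * cgi_auth_error() not returning - confirm that they exit.
 **/
void cgi_setup(const char *rootdir, int auth_required)
{
	BOOL authenticated = False;
	char line[1024];
	char *url=NULL;
	char *p;
	char *lang;

	if (chdir(rootdir)) {
		cgi_setup_error("500 Server Error", "",
				"chdir failed - the server is not configured correctly");
	}

	/* Handle the possibility we might be running as non-root */
	sec_init();

	if ((lang=getenv("HTTP_ACCEPT_LANGUAGE"))) {
		/* if running as a cgi program */
		web_set_lang(lang);
	}

	/* maybe we are running under a web server */
	if (getenv("CONTENT_LENGTH") || getenv("REQUEST_METHOD")) {
		if (auth_required) {
			cgi_web_auth();
		}
		return;
	}

	inetd_server = True;

	if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) {
		cgi_setup_error("403 Forbidden", "",
				"Samba is configured to deny access from this client\n<br>Check your \"hosts allow\" and \"hosts deny\" options in smb.conf ");
	}

	/* we are a mini-web server. We need to read the request from stdin
	   and handle authentication etc */
	/*
	 * Every header below is acted on as it is read, i.e. before the
	 * auth_required verdict is enforced after the loop. A header longer
	 * than the line buffer is split by fgets() and its remainder is
	 * parsed as if it were a new line.
	 */
	while (fgets(line, sizeof(line)-1, stdin)) {
		if (line[0] == '\r' || line[0] == '\n') break;
		if (strnequal(line,"GET ", 4)) {
			got_request = True;
			url = SMB_STRDUP(&line[4]);
		} else if (strnequal(line,"POST ", 5)) {
			got_request = True;
			request_post = 1;
			url = SMB_STRDUP(&line[5]);
		} else if (strnequal(line,"PUT ", 4)) {
			got_request = True;
			cgi_setup_error("400 Bad Request", "",
					"This server does not accept PUT requests");
		} else if (strnequal(line,"Authorization: ", 15)) {
			authenticated = cgi_handle_authorization(&line[15]);
		} else if (strnequal(line,"Content-Length: ", 16)) {
			/*
			 * NOTE(review): atoi() reports no errors and the value is
			 * client-controlled; whatever consumes content_length has
			 * to reject negative or oversized values - confirm at the
			 * point of use.
			 */
			content_length = atoi(&line[16]);
		} else if (strnequal(line,"Accept-Language: ", 17)) {
			web_set_lang(&line[17]);
		}
		/* ignore all other requests! */
	}

	if (auth_required && !authenticated) {
		cgi_auth_error();
	}

	if (!url) {
		cgi_setup_error("400 Bad Request", "",
				"You must specify a GET or POST request");
	}

	/* trim the URL */
	if ((p = strchr_m(url,' ')) || (p=strchr_m(url,'\t'))) {
		*p = 0;
	}
	while (*url && strchr_m("\r\n",url[strlen(url)-1])) {
		url[strlen(url)-1] = 0;
	}

	/* anything following a ? in the URL is part of the query string */
	if ((p=strchr_m(url,'?'))) {
		query_string = p+1;
		*p = 0;
	}

	string_sub(url, "/swat/", "", 0);

	/*
	 * Static files are served only for relative paths with no ".."
	 * anywhere in them. The test runs after string_sub(), so it sees the
	 * path in its final form, and the URL is not percent-decoded here
	 * (cgi_download() rejects '%' outright). cgi_download() never returns.
	 */
	if (url[0] != '/' && strstr(url,"..")==0) {
		cgi_download(url);
	}

	printf("HTTP/1.0 200 OK\r\nConnection: close\r\n");
	printf("Date: %s\r\n", http_timestring(time(NULL)));
	baseurl = "";
	pathinfo = url+1;
}

/***************************************************************************
return the current pages URL

In mini web server mode this is baseurl; under a gateway it is the
SCRIPT_NAME environment variable, which getenv() returns as NULL when
it is unset.
***************************************************************************/
const char *cgi_baseurl(void)
{
	if (inetd_server) {
		return baseurl;
	}
	return getenv("SCRIPT_NAME");
}

/***************************************************************************
return the current pages path info

In mini web server mode this is pathinfo as set by cgi_setup(). Under a
gateway it is PATH_INFO with one leading '/' removed, or "" when the
variable is unset; the result is never NULL on that path.
***************************************************************************/
const char *cgi_pathinfo(void)
{
	char *r;

	if (inetd_server) {
		return pathinfo;
	}
	r = getenv("PATH_INFO");
	if (!r) return "";
	if (*r == '/') r++;
	return r;
}

/***************************************************************************
return the hostname of the client

In mini web server mode the name is looked up for descriptor 1. Under a
gateway it is whatever the gateway put in REMOTE_HOST (NULL if unset),
so it is only as trustworthy as that gateway.
***************************************************************************/
char *cgi_remote_host(void)
{
	if (inetd_server) {
		return get_peer_name(1,False);
	}
	return getenv("REMOTE_HOST");
}

/***************************************************************************
return the address of the client

In mini web server mode the address is looked up for descriptor 1. Under
a gateway it is whatever the gateway put in REMOTE_ADDR (NULL if unset),
so it is only as trustworthy as that gateway.
***************************************************************************/
char *cgi_remote_addr(void)
{
	if (inetd_server) {
		return get_peer_addr(1);
	}
	return getenv("REMOTE_ADDR");
}

/***************************************************************************
return True if the request was a POST

In mini web server mode this is the request_post flag set while the
request line was parsed. Under a gateway it compares REQUEST_METHOD
with "POST" using strequal().
***************************************************************************/
BOOL cgi_waspost(void)
{
	const char *method;

	if (inetd_server) {
		return request_post;
	}

	/*
	 * cgi_setup() selects gateway mode when either CONTENT_LENGTH or
	 * REQUEST_METHOD is set, so REQUEST_METHOD can be unset here; do not
	 * hand a NULL pointer to strequal().
	 */
	method = getenv("REQUEST_METHOD");
	if (!method) {
		return False;
	}
	return strequal(method, "POST");
}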
