Beispiel #1
0
bool CWRequest::ReceiveFromWeb(string* pSessionID, string* pRequestID, bool* pThisIsCookieCheck, bool* pCookieCheckOk, bool* pLongPolling, bool* pKeepAlive, string* pErrorMessage)
{
    Clear();

    CGI_varlist* query = 0;
    CGI_varlist* post = 0;
    CGI_varlist* cookie = 0;

    string file_upload_template = TempDir() + "cgi-upload-XXXXXX";

    query = CGI_get_query(NULL);
    post = CGI_get_post(NULL, file_upload_template.c_str());
    cookie = CGI_get_cookie(NULL);

    if(query != 0)
    {
        const char *name = 0;
        CGI_value  *value = 0;
        for(name = CGI_first_name(query); name != 0; name = CGI_next_name(query))
        {
            value = CGI_lookup_all(query, 0);
            for(int i = 0; value[i] != 0; i++)
            {
                string name_value = "";
                name_value = name_value + name;
                name_value = name_value + "=";
                name_value = name_value + value[i];
                Query->Add(name_value);
            }
        }
    }

    if(post != 0)
    {
        const char *name = 0;
        CGI_value  *value = 0;
        for(name = CGI_first_name(post); name != 0; name = CGI_next_name(post))
        {
            value = CGI_lookup_all(post, 0);
            for(int i = 0; value[i] != 0; i++)
            {
                string name_value = "";
                name_value = name_value + name;
                name_value = name_value + "=";
                name_value = name_value + value[i];
                Post->Add(name_value);
            }
        }
    }

    if(cookie != 0)
    {
        const char *name = 0;
        CGI_value  *value = 0;
        for(name = CGI_first_name(cookie); name != 0; name = CGI_next_name(cookie))
        {
            value = CGI_lookup_all(cookie, 0);
            for(int i = 0; value[i] != 0; i++)
            {
                string name_value = "";
                name_value = name_value + name;
                name_value = name_value + "=";
                name_value = name_value + value[i];
                Cookie->Add(name_value);
            }
        }
    }

    CGI_free_varlist(cookie);
    CGI_free_varlist(post);
    CGI_free_varlist(query);

    // environment variables
    Env->SetValue("SERVER_NAME", GetEnv("SERVER_NAME"));
    Env->SetValue("SERVER_PORT", GetEnv("SERVER_PORT"));
    Env->SetValue("SCRIPT_NAME", GetEnv("SCRIPT_NAME"));
    Env->SetValue("REQUEST_METHOD", GetEnv("REQUEST_METHOD"));
    Env->SetValue("DOCUMENT_ROOT", GetEnv("DOCUMENT_ROOT"));
    Env->SetValue("REMOTE_ADDR", GetEnv("REMOTE_ADDR"));
    Env->SetValue("HTTP_USER_AGENT", GetEnv("HTTP_USER_AGENT"));
    Env->SetValue("HTTP_REFERER", GetEnv("HTTP_REFERER"));
    Env->SetValue("HTTP_COOKIE", GetEnv("HTTP_COOKIE"));
    Env->SetValue("CONTENT_TYPE", GetEnv("CONTENT_TYPE"));
    Env->SetValue("HTTPS", GetEnv("HTTPS"));

    // read and return session_id
    string session_id = Cookie->GetValue("session_id");
    string request_id = CreateRequestID();
    bool this_is_cookie_check = GetValue("cookie_check") == "1" || GetValue("cookie_check") == "true";
    DeleteNameValue("cookie_check");
    bool cookie_check_ok = Cookie->GetValue("cookie_check_data") == "123";
    bool long_polling = GetValue("long_polling") == "1" || GetValue("long_polling") == "true";
    bool keep_alive = GetValue("keep_alive") == "1" || GetValue("keep_alive") == "true";

    if(pSessionID != NULL) *pSessionID = session_id;
    if(pRequestID != NULL) *pRequestID = request_id;
    if(pThisIsCookieCheck != NULL) *pThisIsCookieCheck = this_is_cookie_check;
    if(pCookieCheckOk != NULL) *pCookieCheckOk = cookie_check_ok;
    if(pLongPolling != NULL) *pLongPolling = long_polling;
    if(pKeepAlive != NULL) *pKeepAlive = keep_alive;

    return true;
}
Beispiel #2
0
int main(int argc, char **argv)
{
    CGI_varlist *varlist; const char *name; CGI_value  *value;  int i,j,iter,portflag = 0; cJSON *json; long offset;
    char urlbuf[512],namebuf[512],postbuf[65536],*retstr,*delim,*url = 0;
    setenv("CONTENT_TYPE", "application/x-www-form-urlencoded", 1);
    json = cJSON_CreateObject();
    for (i=j=0; argv[0][i]!=0; i++)
        if ( argv[0][i] == '/' || argv[0][i] == '\\' )
            j = i+1;
    strcpy(namebuf,&argv[0][j]);
    offset = strlen(namebuf) - 4;
    if ( offset > 0 && strcmp(".exe",namebuf + offset) == 0 )
        namebuf[offset] = 0;
    if ( strcmp(namebuf,"api") != 0 )
        cJSON_AddItemToObject(json,"agent",cJSON_CreateString(namebuf));
    if ( strcmp("nxt",namebuf) == 0 )
        url = "http://127.0.0.1:7876/nxt";
    else if ( strcmp("nxts",namebuf) == 0 )
        url = "https://127.0.0.1:7876/nxt";
    else if ( strcmp("port",namebuf) == 0 )
        url = "http://127.0.0.1", portflag = 1;
    else if ( strcmp("ports",namebuf) == 0 )
        url = "https://127.0.0.1", portflag = 1;
    if ( url != 0 )
         postbuf[0] = 0, delim = "";
    for (iter=0; iter<2; iter++)
    {
        if ( (varlist= ((iter==0) ? CGI_get_post(0,0) : CGI_get_query(0))) != 0 )
        {
            for (name=CGI_first_name(varlist); name!=0; name=CGI_next_name(varlist))
            {
                value = CGI_lookup_all(varlist,0);
                for (i=0; value[i]!=0; i++)
                {
                    //fprintf(stderr,"%s [%d] = %s\r\n", name, i, value[i]);
                    if ( i == 0 )
                    {
                        if ( url == 0 )
                            cJSON_AddItemToObject(json,name,cJSON_CreateString(value[i]));
                        else
                        {
                            if ( portflag != 0 && strncmp(name,"port",strlen("port")) == 0 )
                                sprintf(urlbuf,"%s:%s",url,value[i]), url = urlbuf, portflag = 0;
                            else sprintf(postbuf + strlen(postbuf),"%s%s=%s",delim,name,value[i]), delim = "&";
                        }
                    }
                }
            }
        }
        CGI_free_varlist(varlist);
    }
    fputs("Access-Control-Allow-Origin: null\r\n",stdout);
    fputs("Access-Control-Allow-Headers: Authorization, Content-Type\r\n",stdout);
    fputs("Access-Control-Allow-Credentials: true\r\n",stdout);
    fputs("Access-Control-Allow-Methods: GET, POST, OPTIONS\r\n",stdout);
    fputs("Content-type: text/plain\r\n",stdout);
    if ( url != 0 )
    {
fprintf(stderr,"url.(%s) (%s)\n",url,postbuf);
        if ( (retstr= issue_POST(url,postbuf)) != 0 )
        {
            //fprintf(stderr,"%s",retstr);
            printf("Content-Length: %ld\r\n\r\n",strlen(retstr)+2);
            printf("%s\r\n",retstr);
            free(retstr);
        } else printf("{\"error\":\"null return from issue_NXTPOST\"}\r\n");
    }
    else
    {
        process_json(json);
    }
    free_json(json);
    return 0;
}
Beispiel #3
0
int main(int argc, char **argv)
{
    void portable_OS_init();
    CGI_varlist *varlist; const char *name; char namebuf[512],postbuf[65536],*remoteaddr,*str=0,*retstr,*delim,*url = 0;
    int i,j,iter,localaccess=0,doneflag=0,portflag = 0; cJSON *json; long offset; CGI_value  *value; struct destbuf urlbuf;
    portable_OS_init();
    setenv("CONTENT_TYPE", "application/x-www-form-urlencoded", 1);
    json = cJSON_CreateObject();
    if ( (remoteaddr= getenv("REMOTE_ADDR")) == 0 || strncmp("127.0.0.1",remoteaddr,strlen("127.0.0.1")) == 0 )
        remoteaddr = 0,localaccess = 1;
    else cJSON_AddItemToObject(json,"remoteaddr",cJSON_CreateString(remoteaddr));
    for (i=j=0; argv[0][i]!=0; i++)
        if ( argv[0][i] == '/' || argv[0][i] == '\\' )
            j = i+1;
    strcpy(namebuf,&argv[0][j]);
    offset = strlen(namebuf) - 4;
    if ( offset > 0 && strcmp(".exe",namebuf + offset) == 0 )
        namebuf[offset] = 0;
    if ( offset > 0 && strcmp(".cgi",namebuf + offset) == 0 )
        namebuf[offset] = 0;
    if ( strcmp(namebuf,"init") == 0 || strcmp(namebuf,"") == 0 || strcmp(namebuf,"index.cgi") == 0 )
    {
        // "http://178.63.60.131/init/?requestType=status&coin=VRC"
        //"http://78.47.115.250:7777/public?plugin=relay&method=busdata&servicename=MGW&serviceNXT=8119557380101451968&destplugin=MGW&submethod=status&coin=BTC"
        if ( strcmp(namebuf,"api") != 0 )
            cJSON_AddItemToObject(json,"agent",cJSON_CreateString(namebuf));
        cJSON_AddItemToObject(json,"plugin",cJSON_CreateString("relay"));
        cJSON_AddItemToObject(json,"method",cJSON_CreateString("busdata"));
        cJSON_AddItemToObject(json,"servicename",cJSON_CreateString("MGW"));
        cJSON_AddItemToObject(json,"serviceNXT",cJSON_CreateString("8119557380101451968"));
        cJSON_AddItemToObject(json,"destplugin",cJSON_CreateString("MGW"));
        if ( jstr(json,"requestType") != 0 )
            cJSON_AddItemToObject(json,"submethod",cJSON_CreateString(jstr(json,"requestType")));
    }
    if ( strcmp("nxt",namebuf) == 0 )
    {
        if ( setnxturl(&urlbuf) != 0 )
            url = urlbuf.buf;
        else url = "http://127.0.0.1:7876/nxt";
    }
    else if ( strcmp("nxts",namebuf) == 0 )
        url = "https://127.0.0.1:7876/nxt";
    else if ( strcmp("port",namebuf) == 0 )
        url = "http://127.0.0.1", portflag = 1;
    else if ( strcmp("ports",namebuf) == 0 )
        url = "https://127.0.0.1", portflag = 1;
    fprintf(stderr,"namebuf.(%s)\n",namebuf);
    if ( url != 0 )
         postbuf[0] = 0, delim = "";
    for (iter=0; iter<3; iter++)
    {
        if ( (varlist= ((iter==0) ? CGI_get_post(0,0) : ((iter==1) ? CGI_get_query(0) : CGI_get_cookie(0)))) != 0 )
        {
            for (name=CGI_first_name(varlist); name!=0&&doneflag==0; name=CGI_next_name(varlist))
            {
                value = CGI_lookup_all(varlist,0);
                for (i=0; value[i]!=0; i++)
                {
                fprintf(stderr,"iter.%d %s [%d] = %s\r\n",iter,name,i,value[i]);
                    if ( i == 0 )
                    {
                        if ( url == 0 )
                        {
                            if ( strcmp(name,"stringified") == 0 || strcmp(namebuf,"stringified") == 0 )
                            {
                                char *unstringify(char *str);
                                cJSON *obj;
                                if ( (obj= cJSON_Parse(name)) == 0 )
                                {
                                    str = malloc(strlen(value[i])+1);
                                    strcpy(str,value[i]);
                                    unstringify(str);
                                    printf("unstringify (%s) -> (%s)\n",value[i],str);
                                    obj= cJSON_Parse(str);
                                }
                                if ( obj != 0 )
                                {
                                    //unstringified ((null)) -> ({"stringified":{"method":"orderbook","baseid":"12071612744977229797","relid":"5527630","maxdepth":"1"},"agent":"InstantDEX"})
                                    free_json(json);
                                    if ( jobj(obj,"stringified") != 0 )
                                        json = cJSON_Duplicate(jobj(obj,"stringified"),1), free_json(obj);
                                    else json = obj;
                                    cJSON_AddItemToObject(json,"agent",cJSON_CreateString("InstantDEX"));
                                    if ( remoteaddr != 0 && remoteaddr[0] != 0 )
                                        cJSON_AddItemToObject(json,"remoteaddr",cJSON_CreateString(remoteaddr));
                                    fprintf(stderr,"unstringified (%s) -> (%s)\n",str!=0?str:"",jprint(json,0));
                                    if ( str != 0 )
                                        free(str);
                                    doneflag = 1;
                                    break;
                                }
                            }
                            cJSON_AddItemToObject(json,name,cJSON_CreateString(value[i]));
                        }
                        else
                        {
                            if ( portflag != 0 && strncmp(name,"port",strlen("port")) == 0 )
                                sprintf(urlbuf.buf,"%s:%s",url,value[i]), url = urlbuf.buf, portflag = 0;
                            else sprintf(postbuf + strlen(postbuf),"%s%s=%s",delim,name,value[i]), delim = "&";
                        }
                    }
                }
            }
        }
        CGI_free_varlist(varlist);
    }
    if ( localaccess == 0 )
        fputs("Access-Control-Allow-Origin: *\r\n",stdout);
    else fputs("Access-Control-Allow-Origin: null\r\n",stdout);
    fputs("Access-Control-Allow-Credentials: true\r\n",stdout);
    fputs("Access-Control-Allow-Headers: Authorization, Content-Type\r\n",stdout);
    fputs("Access-Control-Allow-Methods: GET, POST, OPTIONS\r\n",stdout);
    fputs("Cache-Control: no-cache, no-store, must-revalidate\r\n",stdout);
    fputs("Content-type: text/plain\r\n",stdout);
    if ( url != 0 )
    {
fprintf(stderr,"url.(%s) (%s)\n",url,postbuf);
        if ( (retstr= issue_POST(url,postbuf)) != 0 )
        {
            //fprintf(stderr,"%s",retstr);
            printf("Content-Length: %ld\r\n\r\n",strlen(retstr)+2);
            printf("%s\r\n",retstr);
            free(retstr);
        } else printf("{\"error\":\"null return from issue_NXTPOST\"}\r\n");
    }
    else
    {
        if ( jobj(json,"agent") == 0 && strcmp(namebuf,"api") != 0 )
            cJSON_AddItemToObject(json,"agent",cJSON_CreateString(namebuf));
        fprintf(stderr,"PROCESS.(%s)\n",jprint(json,0));
        process_json(json,remoteaddr,localaccess);
    }
    free_json(json);
    return 0;
}
int main(int argc, char **argv)
{
 CGI_varlist *vl;
 int tlen = strlen(TMP_PATH);
 FILE *log;
 const char *name, *dir;
 char prefix[BUFSIZ] = UPL_PATH, dst[BUFSIZ], srv[BUFSIZ],
      *p = getenv("SCRIPT_NAME");

 umask(umask((mode_t)0)|S_IWUSR|S_IWGRP|S_IWOTH|S_IXUSR|S_IXGRP|S_IXOTH);

 printf("Content-type: text/plain\r\n\r\n");

 if(p != NULL) /* The CGI-reported basename must be the target server */
 {
  char genbuf[BUFSIZ];

  if(strlcpy(dst, p,         BUFSIZ) >= BUFSIZ) return 1; /* These are self-  */
  if((p = strrchr(dst, '/')) != NULL) p++; else p = dst;
  if(strlcpy(genbuf, p,      BUFSIZ) >= BUFSIZ) return 1; /* inflicted errors */
  if(strlcpy(srv, p,         BUFSIZ) >= BUFSIZ) return 1; /* that users should*/
  if((p = strchr(genbuf, '.')) != NULL) *p = '\0';
  if((p = strchr(srv, '.')) != NULL) *p = '\0';
  if(strlcat(prefix, genbuf, BUFSIZ) >= BUFSIZ ||
     strlcat(prefix, "-",    BUFSIZ) >= BUFSIZ) return 1; /* not normally see */
 } else { e("config error"); return 1; }


 if((log = fopen(LOG_PATH, "a")) == NULL) { e("log error"); return 1; }

 if((vl = CGI_get_all(TMP_PATH"-XXXXXX")) == 0 ) { e("nodata"); return 1; }

/*All files received--force to disk: sync && echo 3 > /proc/sys/vm/drop_caches*/
 sync(); /* Suggest to disk */

 if((dir = CGI_lookup(vl, "dir")))
 {
  FILE *dirs = fopen(DIR_PATH, "r"); /* SMB server permitted directories */
  char genbuf[BUFSIZ], f = 1;

  if(!dirs) { e("no dir"); return 1; }
  while(fgets(genbuf, BUFSIZ, dirs))
  { /* Remove the fgets-included newline */
   if((p = strrchr(genbuf, '\n')) != NULL) *p = '\0';
   if(!strcmp(genbuf, dir)) { f = 0; break; }
  }

  fclose(dirs);

  if(f) { e("no dir"); return 1; }
 }
 else { e("no dir"); return 1; }

 printf("%s\n", dir);

 for(name = CGI_first_name(vl); name != 0; name = CGI_next_name(vl))
 {
  int i;
  CGI_value *val;

  if(!(val = CGI_lookup_all(vl, 0))) continue;

  for(i = 0; val[i]; i++)
  {
   struct stat junk_buf; /* Does filename match TMP_PATH, and exist? */

   if(!strncmp(val[i], TMP_PATH, tlen) && !stat(val[i], &junk_buf))
   { /* RFC-1867 files come in name pairs, and the index must be advanced. */
    FILE *goodfile;
    const char *z;
    time_t epoch = time(NULL);
    struct tm *now = localtime(&epoch);
    int j = i++; /* Now, val[j] == tmp_name, val[i] == user's sent name. */

    strftime(dst, BUFSIZ, "%y/%m/%d %H:%M:%S", now);
    fprintf(log, "%s %s %s", dst, getenv("REMOTE_ADDR"), val[i]);

    if((z = strrchr(val[i], '/')) != NULL) z++; else z = val[i];
    if((p = strrchr(z, '\\')) != NULL) z = p + 1; /* IE sends full path. */

    if(strlcpy(dst, prefix, BUFSIZ) >= BUFSIZ ||
       strlcat(dst, z,      BUFSIZ) >= BUFSIZ) /* Skip if basename oversized. */
    {
     e("error\n");
     fprintf(log, " _FLEN-RETAINED_ %s\n", val[j]);
     continue;
    }

    if(link(val[j], dst) && /* On link failure, try to keep this data.   */
       (strlcat(dst, val[j] + tlen, BUFSIZ) >= BUFSIZ || /* new filename */
        link(val[j], dst))) /* mkstemp suffix appended                   */
    {
     printf("name_error\t%s\n", val[i]);
     fprintf(log, " _LINK-RETAINED_ %s\n", val[j]);
     continue;
    } else fprintf(log, " _RENAMED_ %s", dst);

    if(unlink(val[j]))
    {
     printf("tmp_error\t%s\n", val[i]); /* This is not a fatal error */
     fprintf(log, " _UNLINK-RETAINED_ %s", val[j]);
    }

    fprintf(log,"\n");

    if((goodfile = fopen(dst, "r")))
    {
     SHA256_CTX ctx;
     uchar buf[BUFSIZ];
     char cmd[BUFSIZ], dirbuf[BUFSIZ];

     /* Report the sha256sum--at least client can verify this leg of the trip */
     sha256_init(&ctx);
     while((j = fread(buf, 1, BUFSIZ, goodfile))) sha256_update(&ctx, buf, j);
     sha256_final(&ctx, buf);
     fclose(goodfile);

     for(j = 0; j < 32; j++) printf("%02x", buf[j]);
     printf("\t%s\n", val[i]);

     /* Build the smbclient command line - add -e for encryption if desired */
     if(strlcpy(cmd, "smbclient -mSMB3 -A/usr/local/etc/.", BUFSIZ) >= BUFSIZ ||
     strlcat(cmd, srv,         BUFSIZ) >= BUFSIZ ||/*Note:smbclient didn't get*/
     strlcat(cmd, ".auth '//", BUFSIZ) >= BUFSIZ ||/*    SMB3 until Samba v4.1*/
     strlcat(cmd, srv,         BUFSIZ) >= BUFSIZ) { E(); continue; }

     if(*dir != '/' && strlcat(cmd, "/", BUFSIZ) >= BUFSIZ) { E(); continue; }
     if(            strlcpy(dirbuf, dir, BUFSIZ) >= BUFSIZ) { E(); continue; }

     if((p = strchr(dirbuf + 1, '/')) != NULL)
     { /* Pull the share name off, then cd to subdir */
      *p = '\0';
      if(strlcat(cmd, dirbuf,        BUFSIZ) >= BUFSIZ ||
         strlcat(cmd, "' -c 'cd \"", BUFSIZ) >= BUFSIZ ||
         strlcat(cmd, p + 1,         BUFSIZ) >= BUFSIZ ||
         strlcat(cmd, "\"; ",        BUFSIZ) >= BUFSIZ) { E(); continue; }
     } /* smbclient doesn't cd properly if this isn't done */
     else
     { /* No subdir, so put directly */
      if(strlcat(cmd, dir,           BUFSIZ) >= BUFSIZ ||
         strlcat(cmd, "' -c '",      BUFSIZ) >= BUFSIZ) { E(); continue; }
     }

     if(strlcat(cmd, "put \"",       BUFSIZ) >= BUFSIZ ||
        strlcat(cmd, dst,            BUFSIZ) >= BUFSIZ ||
        strlcat(cmd, "\" \"",        BUFSIZ) >= BUFSIZ ||
        strlcat(cmd, z,              BUFSIZ) >= BUFSIZ ||
        strlcat(cmd, "\"; dir \"",   BUFSIZ) >= BUFSIZ ||
        strlcat(cmd, z,              BUFSIZ) >= BUFSIZ ||
        strlcat(cmd, "\"' 2>&1",     BUFSIZ) >= BUFSIZ) { E(); continue; }

     fprintf(log, "%s\n", cmd);

     if((goodfile = popen(cmd, "r"))) /* Run the SMB transfer */
     {
      while(fgets(cmd, BUFSIZ, goodfile)) printf("%s", cmd);
      pclose(goodfile);
     }
    }
   }
  }
 }

 CGI_free_varlist(vl);
 fclose(log);
 fflush(NULL);
 return 0;
}