// Write a message into Cedar log
void CedarLog(char *str)
{
char *tmp;
// Validate arguments
if (str == NULL)
{
return;
}
if (cedar_log_ref == NULL)
{
return;
}
tmp = CopyStr(str);
if (StrLen(tmp) > 1)
{
if (tmp[StrLen(tmp) - 1] == '\n')
{
tmp[StrLen(tmp) - 1] = 0;
}
if (StrLen(tmp) > 1)
{
if (tmp[StrLen(tmp) - 1] == '\r')
{
tmp[StrLen(tmp) - 1] = 0;
}
}
}
InsertStringRecord(cedar_log, tmp);
Free(tmp);
}
int IDriveRenameFile(TFileStore *FS, char *FromArg, char *ToArg)
{
char *Tempstr=NULL, *Error=NULL, *FromPath=NULL, *ToPath=NULL;
HTTPInfoStruct *Info;
ListNode *Headers;
int result, val;
STREAM *S;
FromPath=MakeFullPath(FromPath,FS, FromArg);
ToPath=MakeFullPath(ToPath,FS, ToArg);
Tempstr=MCopyStr(Tempstr,"https://",FS->Host,"/evs/renameFileFolder?uid=",FS->Logon,"&pwd=",FS->Passwd,"&oldpath=",FromPath,"&newpath=",ToPath,NULL);
S=HTTPMethod("POST",Tempstr,"","","","",0);
val=HTTPReadDocument(S, &Tempstr);
if (Settings.Flags & FLAG_VERBOSE) printf("\n%s\n",Tempstr);
Error=CopyStr(Error,"");
result=IDriveParseStatusResponse(Tempstr, &Error);
DestroyString(Tempstr);
DestroyString(Error);
DestroyString(FromPath);
DestroyString(ToPath);
return(result);
}
static char *FindExtender( char *fullpath, char **endname )
{
#if defined(DOS4G)
char *name;
const char __far *d4gname;
unsigned len;
d4gname = DOSEnvFind( "DOS4GPATH" );
if( d4gname != NULL ) {
_DBG_Write("Got DOS4GPATH -<");
_DBG_Write(d4gname);
_DBG_Writeln(">");
len = _fstrlen( d4gname );
if( len > 4 ) {
const char __far *ext = d4gname + len - 4;
if( ext[0] == '.'
&& LOW( ext[1] ) == 'e'
&& LOW( ext[2] ) == 'x'
&& LOW( ext[3] ) == 'e' ) {
_DBG_Writeln( "is exe\r\n" );
*endname = CopyStr( d4gname, fullpath );
return( fullpath );
}
}
name = CheckPath( d4gname, fullpath, endname );
if( name != NULL ) {
_DBG_Writeln( "found in path\r\n" );
return( name );
}
}
#endif
return( CheckPath( DOSEnvFind( "PATH" ), fullpath, endname ) );
}
int PAMConvFunc(int NoOfMessages, const struct pam_message **messages,
struct pam_response **responses, void *appdata)
{
int count;
const struct pam_message *mess;
struct pam_response *resp;
*responses=(struct pam_response *) calloc(NoOfMessages,sizeof(struct pam_response));
mess=*messages;
resp=*responses;
for (count=0; count < NoOfMessages; count++)
{
if ((mess->msg_style==PAM_PROMPT_ECHO_OFF) ||
(mess->msg_style==PAM_PROMPT_ECHO_ON))
{
resp->resp=CopyStr(NULL,(char *) appdata);
resp->resp_retcode=0;
}
mess++;
resp++;
}
return(PAM_SUCCESS);
}
time_t DateStrToSecs(const char *DateFormat, const char *Str, const char *TimeZone)
{
time_t Secs=0;
struct tm TMS;
char *Tempstr=NULL;
if (StrLen(DateFormat)==0) return(0);
if (StrLen(Str)==0) return(0);
if (StrLen(TimeZone))
{
if (getenv("TZ")) Tempstr=CopyStr(Tempstr,getenv("TZ"));
setenv("TZ",TimeZone,TRUE);
tzset();
}
strptime(Str,DateFormat,&TMS);
TMS.tm_isdst=-1;
Secs=mktime(&TMS);
if (StrLen(TimeZone))
{
if (! Tempstr) unsetenv("TZ");
else setenv("TZ",Tempstr,TRUE);
tzset();
}
return(Secs);
}
// Get Ethernet device list on Solaris
TOKEN_LIST *GetEthListSolaris()
{
TOKEN_LIST *t;
int i, s;
LIST *o;
o = NewListFast(CompareStr);
s = socket(AF_INET, SOCK_DGRAM, 0);
if (s != INVALID_SOCKET)
{
struct lifnum lifn;
lifn.lifn_family = AF_INET;
lifn.lifn_flags = 0;
if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) >= 0)
{
struct lifconf lifc;
struct lifreq *buf;
UINT numifs;
UINT bufsize;
numifs = lifn.lifn_count;
Debug("NumIFs:%d\n",numifs);
bufsize = numifs * sizeof(struct lifreq);
buf = Malloc(bufsize);
lifc.lifc_family = AF_INET;
lifc.lifc_flags = 0;
lifc.lifc_len = bufsize;
lifc.lifc_buf = (char*) buf;
if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) >= 0)
{
for (i = 0; i<numifs; i++)
{
if(StartWith(buf[i].lifr_name, "lo") == false){
Add(o, CopyStr(buf[i].lifr_name));
}
}
}
Free(buf);
}
closesocket(s);
}
Sort(o);
t = ZeroMalloc(sizeof(TOKEN_LIST));
t->NumTokens = LIST_NUM(o);
t->Token = ZeroMalloc(sizeof(char *) * t->NumTokens);
for (i = 0;i < LIST_NUM(o);i++)
{
char *name = LIST_DATA(o, i);
t->Token[i] = name;
}
ReleaseList(o);
return t;
}
char *FormatURL(char *Buff, HTTPSession *Session, const char *ItemPath)
{
char *Tempstr=NULL, *Quoted=NULL;
const char *ptr=NULL, *sd_ptr;
int len;
if (StrLen(Session->Host))
{
if (Settings.Flags & FLAG_SSL) Tempstr=MCopyStr(Buff,"https://",Session->Host,"/",NULL);
else Tempstr=MCopyStr(Buff,"http://",Session->Host,"/",NULL);
}
else Tempstr=CopyStr(Tempstr,"/");
ptr=ItemPath;
while (*ptr == '/') ptr++;
if (StrLen(Session->StartDir)) sd_ptr=Session->StartDir;
else sd_ptr="";
while (*sd_ptr == '/') sd_ptr++;
len=StrLen(sd_ptr);
if (strncmp(ptr, sd_ptr,len)==0) ptr+=len;
Quoted=HTTPQuoteChars(Quoted,ptr," ()[]{}\t?&%!,+\':;#");
Tempstr=CatStr(Tempstr,Quoted);
DestroyString(Quoted);
return(Tempstr);
}
void HTTPServerFindAndSendDocument(STREAM *S, HTTPSession *Session, int Flags)
{
char *Path=NULL, *ptr;
TPathItem *PI=NULL;
ListNode *Curr;
if (! VPathProcess(S, Session, Flags))
{
ptr=Session->StartDir;
if (*ptr=='.') ptr++;
if (strcmp(ptr,"/")==0) Path=CopyStr(Path,Session->Path);
else Path=MCopyStr(Path,ptr,Session->Path,NULL);
PI=VPathFind(PATHTYPE_FILETYPE, Session->Path);
if (PI)
{
if (PI->Flags & PATHITEM_COMPRESS) Session->Flags |= FLAG_COMPRESS;
if (PI->Flags & PATHITEM_NO_COMPRESS) Session->Flags &= ~FLAG_COMPRESS;
if (PI->CacheTime > 0) Session->CacheTime=PI->CacheTime;
}
//One day we will be able to handle scripts inside of chroot using embedded
//scripting. But not today.
// if (PI && (PI->Flags & PATHITEM_EXEC)) HTTPServerExecCGI(S, Session, Path);
//else
HTTPServerSendDocument(S, Session, Path, Flags);
}
DestroyString(Path);
}
// Create new user object
USER *NewUser(char *name, wchar_t *realname, wchar_t *note, UINT authtype, void *authdata)
{
USER *u;
// Validate arguments
if (name == NULL || realname == NULL || note == NULL)
{
return NULL;
}
if (authtype != AUTHTYPE_ANONYMOUS && authdata == NULL)
{
return NULL;
}
u = ZeroMalloc(sizeof(USER));
u->lock = NewLock();
u->ref = NewRef();
u->Name = CopyStr(name);
u->RealName = CopyUniStr(realname);
u->Note = CopyUniStr(note);
u->GroupName = NULL;
u->Group = NULL;
u->AuthType = authtype;
u->AuthData = authdata;
u->CreatedTime = SystemTime64();
u->UpdatedTime = SystemTime64();
u->Policy = NULL;
u->Traffic = NewTraffic();
return u;
}
TFingerprint *CheckForMatch(HashratCtx *Ctx, const char *Path, struct stat *FStat, const char *HashStr)
{
TFingerprint *Lookup, *Head=NULL, *Prev=NULL, *Item=NULL, *Result=NULL;
void *ptr;
if (! StrValid(Path)) return(NULL);
Lookup=TFingerprintCreate(HashStr,"","",Path);
switch (Ctx->Action)
{
case ACT_FINDMATCHES_MEMCACHED:
Lookup->Data=MemcachedGet(Lookup->Data, Lookup->Hash);
if (StrValid(Lookup->Data)) Result=TFingerprintCreate(Lookup->Hash, Lookup->HashType, Lookup->Data, "");
break;
case ACT_FINDDUPLICATES:
case ACT_FINDMATCHES:
ptr=tfind(Lookup, &Tree, MatchCompareFunc);
if (ptr)
{
Item=*(TFingerprint **) ptr;
//we have to make a copy because 'Result' is destroyed by parent function
Result=TFingerprintCreate(Item->Hash, Item->HashType, Item->Data, Item->Path);
}
break;
default:
ptr=tfind(Lookup, &Tree, MatchCompareFunc);
if (ptr)
{
Item=FindPathMatches(Ctx, *(TFingerprint **) ptr, Path);
if (Item)
{
Result=TFingerprintCreate(Item->Hash, Item->HashType, Item->Data, Item->Path);
if (Ctx->Action==ACT_CHECK)
{
if (Item==Head)
{
if (Item->Next==NULL)
{
// tree functions take a copy of the 'head' item, so we cannot
// destroy it. No idea how they do this, it's magic
// however we can destroy non-head items that we hang off
// the tree
tdelete(Lookup, &Tree, MatchCompareFunc);
}
else Item->Path=CopyStr(Item->Path, "");
}
//else TFingerprintDestroy(Item);
}
}
}
break;
}
TFingerprintDestroy(Lookup);
return(Result);
}
int AuthPAM(TSession *Session)
{
int result;
AuthenticationsTried=CatStr(AuthenticationsTried,"pam ");
if(! PAMStart(Session, Session->User))
{
LogToFile(Settings.ServerLogPath,"PAM: No such user %s",Session->User);
return(USER_UNKNOWN);
}
/* set the credentials for the remote user and remote host */
result=pam_authenticate(pamh,0);
if (result==PAM_SUCCESS)
{
Session->Flags |= SESSION_PAM;
Session->RealUser=CopyStr(Session->RealUser,Session->User);
return(TRUE);
}
else return(FALSE);
}
int IDriveOpen(TFileStore *FS)
{
char *Tempstr=NULL, *TagName=NULL, *TagData=NULL, *ptr;
ListNode *Vars;
STREAM *S;
int result=FALSE;
if (! FS)
{
return(FALSE);
}
//Always require login for IDrive
if (! StrLen(FS->Passwd)) RequestAuthDetails(&FS->Logon,&FS->Passwd);
time(&StartTime);
HTTPSetFlags(HTTP_NODECODE);
//Get Address of the server that stores my data
FS->CurrDir=CopyStr(FS->CurrDir,"/");
if (StrLen(FS->InitDir)) FS->ChDir(FS,FS->InitDir);
Tempstr=MCopyStr(Tempstr,"https://evs.idrive.com/evs/getServerAddress?uid=",FS->Logon,"&pwd=",FS->Passwd,NULL);
S=HTTPMethod("POST",Tempstr,"","","","",0);
if (S)
{
Tempstr=STREAMReadDocument(Tempstr, S, TRUE);
Vars=ListCreate();
IDriveParseResponse(Tempstr, Vars);
FS->Host=CopyStr(FS->Host,GetVar(Vars,"webApiServer"));
PrintConnectionDetails(FS,S);
STREAMClose(S);
result=TRUE;
}
ListDestroy(Vars,DestroyString);
DestroyString(Tempstr);
DestroyString(TagData);
DestroyString(TagName);
return(result);
}
// Cut out the token from the string (not ignore the blanks between delimiters)
TOKEN_LIST *ParseTokenWithNullStr(char *str, char *split_chars)
{
LIST *o;
UINT i, len;
BUF *b;
char zero = 0;
TOKEN_LIST *t;
// Validate arguments
if (str == NULL)
{
return NullToken();
}
if (split_chars == NULL)
{
split_chars = DefaultTokenSplitChars();
}
b = NewBuf();
o = NewListFast(NULL);
len = StrLen(str);
for (i = 0;i < (len + 1);i++)
{
char c = str[i];
bool flag = IsCharInStr(split_chars, c);
if (c == '\0')
{
flag = true;
}
if (flag == false)
{
WriteBuf(b, &c, sizeof(char));
}
else
{
WriteBuf(b, &zero, sizeof(char));
Insert(o, CopyStr((char *)b->Buf));
ClearBuf(b);
}
}
t = ZeroMalloc(sizeof(TOKEN_LIST));
t->NumTokens = LIST_NUM(o);
t->Token = ZeroMalloc(sizeof(char *) * t->NumTokens);
for (i = 0;i < t->NumTokens;i++)
{
t->Token[i] = LIST_DATA(o, i);
}
ReleaseList(o);
FreeBuf(b);
return t;
}
OAUTH *OAuthCreate(const char *Type, const char *Name, const char *ClientID, const char *ClientSecret, const char *Scopes, const char *RefreshURL)
{
OAUTH *Ctx;
char *Tempstr=NULL, *Token=NULL;
const char *ptr;
if (OAuthTypes==NULL) SetupOAuthTypes();
ptr=GetVar(OAuthTypes, Type);
if (! StrValid(ptr)) return(NULL);
Ctx=(OAUTH *) calloc(1,sizeof(OAUTH));
ptr=GetToken(ptr,",",&(Ctx->Stage1), 0);
ptr=GetToken(ptr,",",&(Ctx->Stage2), 0);
ptr=GetToken(ptr,",",&(Ctx->VerifyTemplate), 0);
Ctx->Name=CopyStr(Ctx->Name, Name);
Ctx->Vars=ListCreate();
SetVar(Ctx->Vars,"client_name",ClientID);
SetVar(Ctx->Vars,"client_id",ClientID);
SetVar(Ctx->Vars,"client_secret",ClientSecret);
Tempstr=HTTPQuote(Tempstr, Scopes);
SetVar(Ctx->Vars,"scope",Tempstr);
SetVar(Ctx->Vars,"redirect_uri","urn:ietf:wg:oauth:2.0:oob");
SetVar(Ctx->Vars,"connect_back_page","<html><body><h1>Code Accepted By Application</h1><body></html>");
Ctx->AccessToken=CopyStr(Ctx->AccessToken, "");
Ctx->RefreshToken=CopyStr(Ctx->RefreshToken, "");
Ctx->RefreshURL=CopyStr(Ctx->RefreshURL, RefreshURL);
Ctx->SavePath=MCopyStr(Ctx->SavePath, GetCurrUserHomeDir(), "/.oauth.creds",NULL);
if (strcasecmp(Type, "getpocket.com")==0)
{
ptr=GetToken(ClientID,"-",&Token,0);
Tempstr=MCopyStr(Tempstr, "pocketapp",Token,":authorizationFinished",NULL);
SetVar(Ctx->Vars, "redirect_uri",Tempstr);
//Ctx->VerifyURL=MCopyStr(Ctx->VerifyURL,"https://getpocket.com/auth/authorize?request_token=",Ctx->AccessToken,"&redirect_uri=",Args,NULL);
}
else if (strcasecmp(Type, "implicit")==0) Ctx->Flags |= OAUTH_IMPLICIT;
if (! OAuthKeyChain) OAuthKeyChain=ListCreate();
ListAddNamedItem(OAuthKeyChain, Name, Ctx);
DestroyString(Tempstr);
DestroyString(Token);
return(Ctx);
}
char *LogFileInternalGetRotateDestinationPath(char *RetStr, TLogFile *LogFile)
{
char *Tempstr=NULL;
Tempstr=CopyStr(Tempstr, STREAMGetValue(LogFile->S,"RotatePath"));
if (StrLen(Tempstr) && strchr(Tempstr,'$'))
{
STREAMSetValue(LogFile->S, "Date",GetDateStr("%Y_%m_%d",NULL));
STREAMSetValue(LogFile->S, "Time",GetDateStr("%H:%M:%S",NULL));
RetStr=SubstituteVarsInString(RetStr,Tempstr,LogFile->S->Values,0);
}
else RetStr=CopyStr(RetStr,LogFile->Path);
DestroyString(Tempstr);
return(RetStr);
}
char *GetDefaultUser()
{
char *Possibilities[]={"nobody","daemon","guest",NULL};
TSession *Session;
int i;
Session=(TSession *) calloc(1,sizeof(TSession));
for (i=0; Possibilities[i] !=NULL; i++)
{
Session->User=CopyStr(Session->User,Possibilities[i]);
Session->Passwd=CopyStr(Session->Passwd,"");
if (AuthPasswdFile(Session) != USER_UNKNOWN) break;
}
return(Possibilities[i]);
}
// Main function
void MainFunction(char *cmd)
{
char tmp[MAX_SIZE];
bool first = true;
bool exit_now = false;
while (true)
{
if (first && StrLen(cmd) != 0 && g_memcheck == false)
{
first = false;
StrCpy(tmp, sizeof(tmp), cmd);
exit_now = true;
Print("%s\n", cmd);
}
else
{
_exit(0);
}
Trim(tmp);
if (StrLen(tmp) != 0)
{
UINT i, num;
bool b = false;
TOKEN_LIST *token = ParseCmdLine(tmp);
char *cmd = token->Token[0];
num = sizeof(test_list) / sizeof(TEST_LIST);
for (i = 0;i < num;i++)
{
if (!StrCmpi(test_list[i].command_str, cmd))
{
char **arg = Malloc(sizeof(char *) * (token->NumTokens - 1));
UINT j;
for (j = 0;j < token->NumTokens - 1;j++)
{
arg[j] = CopyStr(token->Token[j + 1]);
}
test_list[i].proc(token->NumTokens - 1, arg);
for (j = 0;j < token->NumTokens - 1;j++)
{
Free(arg[j]);
}
Free(arg);
b = true;
_exit(1);
break;
}
}
FreeToken(token);
if (exit_now)
{
break;
}
}
}
}
int AuthShadowFile(HTTPSession *Session)
{
char *sptr, *eptr, *Salt=NULL, *Digest=NULL;
int result=FALSE;
#ifdef HAVE_SHADOW_H
#include <shadow.h>
struct spwd *pass_struct=NULL;
pass_struct=getspnam(Session->UserName);
if (pass_struct==NULL) return(USER_UNKNOWN);
sptr=pass_struct->sp_pwdp;
#ifdef HAVE_LIBCRYPT
// this is an md5 password
if (
(StrLen(sptr) > 4) &&
(strncmp(sptr,"$1$",3)==0)
)
{
eptr=strchr(sptr+3,'$');
Salt=CopyStrLen(Salt,sptr,eptr-sptr);
Digest=CopyStr(Digest, crypt(Session->Password,Salt));
if (sptr && (strcmp(Digest,sptr)==0) )
{
result=TRUE;
}
}
else
{
// assume old des crypt password
sptr=crypt(Session->Password,pass_struct->sp_pwdp);
if (sptr && (strcmp(pass_struct->sp_pwdp, sptr)==0))
{
result=TRUE;
}
}
AuthenticationsTried=CatStr(AuthenticationsTried,"shadow ");
#endif
if (result && (Settings.Flags & FLAG_LOG_VERBOSE))
{
LogToFile(Settings.LogPath,"AUTH: UserName '%s' Authenticated via /etc/shadow.",Session->UserName);
}
#endif
DestroyString(Salt);
DestroyString(Digest);
return(result);
}
void ParseURL(char *URL, char **Proto, char **Host, char **Port, char **User, char **Password, char **Path, char **Args)
{
char *ptr, *aptr;
char *Token=NULL, *tProto=NULL;
//Even if they pass NULL for protocol, we need to take a copy for use in
//the 'guess the port' section below
ptr=GetToken(URL,":",&tProto,0);
strlwr(tProto);
if (Proto) *Proto=CopyStr(*Proto,tProto);
//some number of '//' follow protocol
while (*ptr=='/') ptr++;
ptr=GetToken(ptr,"/",&Token,0);
ParseHostDetails(Token,Host,Port,User,Password);
//Only split the HTTP CGI arguments from the document path if we were asked to return
//the args seperately
if (Args)
{
aptr=strrchr(ptr,'?');
if (aptr)
{
*aptr='\0';
aptr++;
*Args=CopyStr(*Args,aptr);
}
}
//the 'GetToken' call will have thrown away the '/' at the start of the path
//add it back in
if (Path) *Path=MCopyStr(*Path,"/",ptr,NULL);
if (Port && (! StrLen(*Port)))
{
if (strcmp(tProto,"http")==0) *Port=CopyStr(*Port,"80");
else if (strcmp(tProto,"https")==0) *Port=CopyStr(*Port,"443");
else if (strcmp(tProto,"ssh")==0) *Port=CopyStr(*Port,"22");
else if (strcmp(tProto,"ftp")==0) *Port=CopyStr(*Port,"21");
else if (strcmp(tProto,"telnet")==0) *Port=CopyStr(*Port,"23");
else if (strcmp(tProto,"smtp")==0) *Port=CopyStr(*Port,"25");
else if (strcmp(tProto,"mailto")==0) *Port=CopyStr(*Port,"25");
}
DestroyString(Token);
DestroyString(tProto);
}
TTransferContext *TransferContextCreate(TFileStore *SrcFS, TFileStore *DestFS, int Command, int CmdFlags, ListNode *Vars)
{
TTransferContext *Ctx;
char *ptr;
Ctx=(TTransferContext *) calloc(1,sizeof(TTransferContext));
Ctx->SrcFS=SrcFS;
Ctx->DestFS=DestFS;
Ctx->Command=Command;
Ctx->CmdFlags=CmdFlags;
Ctx->Vars=Vars;
ptr=GetVar(Vars,"Throttle");
if (ptr) Ctx->Throttle=atoi(ptr);
Ctx->IncludePattern=CopyStr(Ctx->IncludePattern,GetVar(Vars,"IncludePattern"));
Ctx->ExcludePattern=CopyStr(Ctx->ExcludePattern,GetVar(Vars,"ExcludePattern"));
Ctx->PostCopyHook=CopyStr(Ctx->PostCopyHook,GetVar(Vars,"PostCopyHook"));
Ctx->PreCopyHook=CopyStr(Ctx->PreCopyHook,GetVar(Vars,"PreCopyHook"));
if (Command == CMD_PUT) Ctx->ActionName=CopyStr(Ctx->ActionName,"put");
else if (Command == CMD_CREATE) Ctx->ActionName=CopyStr(Ctx->ActionName,"create");
else Ctx->ActionName=CopyStr(Ctx->ActionName,"get");
ptr=GetVar(Vars,"CompareLevel");
Ctx->CompareLevel=FileStoreSelectCompareLevel(SrcFS,DestFS,ptr);
ptr=GetVar(Vars,"IntegrityLevel");
if (StrLen(ptr)) Ctx->IntegrityLevel=FileStoreSelectCompareLevel(SrcFS,DestFS,ptr);
return(Ctx);
}
//This is the function we call in the child process for 'SpawnCommand'
int BASIC_FUNC_EXEC_COMMAND(void *Command, int Flags)
{
int result;
char *Token=NULL, *FinalCommand=NULL, *ExecPath=NULL;
char **argv;
const char *ptr;
int i;
if (Flags & SPAWN_TRUST_COMMAND) FinalCommand=CopyStr(FinalCommand, (char *) Command);
else FinalCommand=MakeShellSafeString(FinalCommand, (char *) Command, 0);
StripTrailingWhitespace(FinalCommand);
if (Flags & SPAWN_NOSHELL)
{
argv=(char **) calloc(101,sizeof(char *));
ptr=FinalCommand;
ptr=GetToken(FinalCommand,"\\S",&Token,GETTOKEN_QUOTES);
ExecPath=FindFileInPath(ExecPath,Token,getenv("PATH"));
i=0;
if (! (Flags & SPAWN_ARG0))
{
argv[0]=CopyStr(argv[0],ExecPath);
i=1;
}
for (; i < 100; i++)
{
ptr=GetToken(ptr,"\\S",&Token,GETTOKEN_QUOTES);
if (! ptr) break;
argv[i]=CopyStr(argv[i],Token);
}
execv(ExecPath,argv);
}
else result=execl("/bin/sh","/bin/sh","-c",(char *) Command,NULL);
RaiseError(ERRFLAG_ERRNO, "Spawn", "Failed to execute '%s'",Command);
//We'll never get to here unless something fails!
DestroyString(FinalCommand);
DestroyString(ExecPath);
DestroyString(Token);
return(result);
}
// Remove duplications from the token list
TOKEN_LIST *UniqueToken(TOKEN_LIST *t)
{
UINT i, num, j, n;
TOKEN_LIST *ret;
// Validate arguments
if (t == NULL)
{
return NULL;
}
num = 0;
for (i = 0;i < t->NumTokens;i++)
{
bool exists = false;
for (j = 0;j < i;j++)
{
if (StrCmpi(t->Token[j], t->Token[i]) == 0)
{
exists = true;
break;
}
}
if (exists == false)
{
num++;
}
}
ret = ZeroMalloc(sizeof(TOKEN_LIST));
ret->Token = ZeroMalloc(sizeof(char *) * num);
ret->NumTokens = num;
n = 0;
for (i = 0;i < t->NumTokens;i++)
{
bool exists = false;
for (j = 0;j < i;j++)
{
if (StrCmpi(t->Token[j], t->Token[i]) == 0)
{
exists = true;
break;
}
}
if (exists == false)
{
ret->Token[n++] = CopyStr(t->Token[i]);
}
}
return ret;
}
// Get network connection name from Ethernet device name
void GetEthNetworkConnectionName(wchar_t *dst, UINT size, char *device_name)
{
WP_ADAPTER *t;
char *tmp = NULL, guid[MAX_SIZE];
wchar_t *ncname = NULL;
UniStrCpy(dst, size, L"");
// Validate arguments
if (device_name == NULL || IsEthSupported() == false ||
IsNt() == false || MsIsWin2000OrGreater() == false)
{
return;
}
Lock(eth_list_lock);
InitEthAdaptersList();
t = Win32EthSearch(device_name);
if (t == NULL)
{
Unlock(eth_list_lock);
return;
}
tmp = CopyStr(t->Name);
Unlock(eth_list_lock);
if (IsEmptyStr(t->Guid) == false)
{
StrCpy(guid, sizeof(guid), t->Guid);
Free(tmp);
}
else
{
ReplaceStr(guid, sizeof(guid), tmp, "\\Device\\SEE_", "");
Free(tmp);
ReplaceStr(guid, sizeof(guid), guid, "\\Device\\NPF_", "");
ReplaceStr(guid, sizeof(guid), guid, "\\Device\\PCD_", "");
}
if(guid == NULL)
{
return;
}
ncname = MsGetNetworkConnectionName(guid);
if(ncname != NULL)
{
UniStrCpy(dst, size, ncname);
}
Free(ncname);
}
char *VFormatStr(char *InBuff, const char *InputFmtStr, va_list args)
{
int inc=100, count=1, result=0, FmtLen;
char *Tempstr=NULL, *FmtStr=NULL, *ptr;
va_list argscopy;
Tempstr=InBuff;
//Take a copy of the supplied Format string and change it.
//Do not allow '%n', it's useable for exploits
FmtLen=StrLen(InputFmtStr);
FmtStr=CopyStr(FmtStr,InputFmtStr);
//Deny %n. Replace it with %x which prints out the value of any supplied argument
ptr=strstr(FmtStr,"%n");
while (ptr)
{
memcpy(ptr,"%x",2);
ptr++;
ptr=strstr(ptr,"%n");
}
inc=4 * FmtLen; //this should be a good average
for (count=1; count < 100; count++)
{
result=inc * count +1;
Tempstr=SetStrLen(Tempstr, result);
//the vsnprintf function DESTROYS the arg list that is passed to it.
//This is just plain WRONG, it's a long-standing bug. The solution is to
//us va_copy to make a new one every time and pass that in.
va_copy(argscopy,args);
result=vsnprintf(Tempstr,result,FmtStr,argscopy);
va_end(argscopy);
/* old style returns -1 to say couldn't fit data into buffer.. so we */
/* have to guess again */
if (result==-1) continue;
/* new style returns how long buffer should have been.. so we resize it */
if (result > (inc * count))
{
Tempstr=SetStrLen(Tempstr, result+10);
va_copy(argscopy,args);
result=vsnprintf(Tempstr,result+10,FmtStr,argscopy);
va_end(argscopy);
}
break;
}
DestroyString(FmtStr);
return(Tempstr);
}
char *FolderDlgInnerA(HWND hWnd, wchar_t *title, char *default_dir)
{
BROWSEINFOA info;
char display_name[MAX_PATH];
FOLDER_DLG_INNER_DATA data;
LPMALLOC pMalloc;
char *ret = NULL;
char *title_a;
if (UniIsEmptyStr(title))
{
title = NULL;
}
if (IsEmptyStr(default_dir))
{
default_dir = NULL;
}
Zero(&data, sizeof(data));
data.default_dir = CopyStrToUni(default_dir);
Zero(display_name, sizeof(display_name));
Zero(&info, sizeof(info));
info.hwndOwner = hWnd;
info.pidlRoot = NULL;
info.pszDisplayName = display_name;
title_a = CopyUniToStr(title);
info.lpszTitle = title_a;
info.ulFlags = BIF_NEWDIALOGSTYLE | BIF_RETURNONLYFSDIRS | BIF_VALIDATE | BIF_SHAREABLE;
info.lpfn = FolderDlgInnerCallbackA;
info.lParam = (LPARAM)&data;
if (SUCCEEDED(SHGetMalloc(&pMalloc)))
{
LPITEMIDLIST pidl;
pidl = SHBrowseForFolderA(&info);
if (pidl)
{
char tmp[MAX_PATH];
if (SHGetPathFromIDListA(pidl, tmp))
{
ret = CopyStr(tmp);
}
pMalloc->Free(pidl);
}
pMalloc->Release();
}
Free(data.default_dir);
Free(title_a);
return ret;
}
int UploadReadMultipartHeaders(STREAM *S, char **Field, char **FileName)
{
char *Tempstr=NULL, *Name=NULL, *Value=NULL, *ptr;
int result=FALSE;
Tempstr=STREAMReadLine(Tempstr,S);
while (StrLen(Tempstr))
{
StripTrailingWhitespace(Tempstr);
ptr=GetToken(Tempstr,":",&Name,0);
if (strcasecmp(Name,"Content-Disposition")==0)
{
ptr=GetNameValuePair(ptr,";","=",&Name,&Value);
while (ptr)
{
StripLeadingWhitespace(Name);
StripTrailingWhitespace(Name);
StripLeadingWhitespace(Value);
StripTrailingWhitespace(Value);
if (strcasecmp(Name,"name")==0)
{
*Field=CopyStr(*Field,Value);
result=TRUE;
}
if (strcasecmp(Name,"filename")==0)
{
*FileName=CopyStr(*FileName,Value);
result=TRUE;
}
ptr=GetNameValuePair(ptr,";","=",&Name,&Value);
}
}
Tempstr=STREAMReadLine(Tempstr,S);
StripTrailingWhitespace(Tempstr);
}
DestroyString(Tempstr);
DestroyString(Name);
DestroyString(Value);
return(result);
}
char *HTTPHeadersAppendAuth(char *RetStr, char *AuthHeader, HTTPInfoStruct *Info, HTTPAuthStruct *AuthInfo)
{
char *SendStr=NULL, *Tempstr=NULL;
char *HA1=NULL, *HA2=NULL, *ClientNonce=NULL, *Digest=NULL;
int i, AuthCounter;
if (! AuthInfo) return(RetStr);
SendStr=CatStr(RetStr,"");
//Authentication by an opaque authentication token that is handled
//elsewhere, and is set as the 'Password'
if (AuthInfo->Flags & HTTP_AUTH_TOKEN)
{
SendStr=MCatStr(SendStr,AuthHeader,": ",AuthInfo->Password,"\r\n",NULL);
AuthInfo->Flags |= HTTP_SENT_AUTH;
}
else if (AuthInfo->Flags & HTTP_AUTH_DIGEST)
{
AuthCounter++;
Tempstr=FormatStr(Tempstr,"%s:%s:%s",AuthInfo->Logon,AuthInfo->AuthRealm,AuthInfo->Password);
HashBytes(&HA1,"md5",Tempstr,StrLen(Tempstr),0);
Tempstr=FormatStr(Tempstr,"%s:%s",Info->Method,Info->Doc);
HashBytes(&HA2,"md5",Tempstr,StrLen(Tempstr),0);
for (i=0; i < 10; i++)
{
Tempstr=FormatStr(Tempstr,"%x",rand() % 255);
ClientNonce=CatStr(ClientNonce,Tempstr);
}
Tempstr=FormatStr(Tempstr,"%s:%s:%08d:%s:auth:%s",HA1,AuthInfo->AuthNonce,AuthCounter,ClientNonce,HA2);
HashBytes(&Digest,"md5",Tempstr,StrLen(Tempstr),0);
Tempstr=FormatStr(Tempstr,"%s: Digest username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s\",qop=auth,nc=%08d,cnonce=\"%s\",response=\"%s\"\r\n",AuthHeader,AuthInfo->Logon,AuthInfo->AuthRealm,AuthInfo->AuthNonce,Info->Doc,AuthCounter,ClientNonce,Digest);
SendStr=CatStr(SendStr,Tempstr);
AuthInfo->Flags |= HTTP_SENT_AUTH;
}
else
{
Tempstr=CopyStr(Tempstr,AuthInfo->Logon);
Tempstr=CatStr(Tempstr,":");
Tempstr=CatStr(Tempstr,AuthInfo->Password);
Digest=SetStrLen(Digest,StrLen(Tempstr) *2);
to64frombits(Digest,Tempstr,strlen(Tempstr));
SendStr=MCatStr(SendStr,AuthHeader,": Basic ",Digest,"\r\n",NULL);
AuthInfo->Flags |= HTTP_SENT_AUTH;
}
DestroyString(HA1);
DestroyString(HA2);
DestroyString(ClientNonce);
DestroyString(Digest);
DestroyString(Tempstr);
return(SendStr);
}
void OAuthParse(OAUTH *Ctx, const char *Line)
{
char *Name=NULL, *Value=NULL;
const char *ptr;
ptr=GetToken(Line,"\\S",&Ctx->Name,GETTOKEN_QUOTES);
ptr=GetNameValuePair(ptr," ", "=", &Name, &Value);
while (ptr)
{
SetVar(Ctx->Vars, Name, Value);
ptr=GetNameValuePair(ptr," ", "=", &Name, &Value);
}
Ctx->AccessToken=CopyStr(Ctx->AccessToken, GetVar(Ctx->Vars,"access_token"));
Ctx->RefreshToken=CopyStr(Ctx->RefreshToken, GetVar(Ctx->Vars,"refresh_token"));
DestroyString(Name);
DestroyString(Value);
}
void CopyRR(ResourceRecord *DstRR, ResourceRecord *SrcRR)
{
SOADataStruct *SoaData;
DstRR->Question=CopyStr(DstRR->Question, SrcRR->Question);
DstRR->Answer=CopyStr(DstRR->Answer, SrcRR->Answer);
DstRR->TTL=SrcRR->TTL;
DstRR->Pref=SrcRR->Pref;
DstRR->Type=SrcRR->Type;
DstRR->Class=SrcRR->Class;
DstRR->Ptr=SrcRR->Ptr;
if (SrcRR->Type == SOA)
{
SoaData=SrcRR->Ptr;
if (SoaData) DstRR->Ptr=CreateSOAStruct(SoaData->AuthSource, SoaData->AdminEmail, SoaData->SerialNo, SoaData->Refresh, SoaData->Retry, SoaData->Expire, SoaData->Minimum);
}
}
int HTTPServerAuthenticate(HTTPSession *Session)
{
int result=FALSE;
//This handles someone clicking a 'logout' button
if (! HTTPServerHandleRegister(Session, LOGIN_CHECK_ALLOWED))
{
LogToFile(Settings.LogPath,"AUTH: Forcing Relogin for %s@%s (%s) %s %s",Session->ClientIP,Session->ClientHost,Session->ClientIP,Session->Method,Session->Path);
return(FALSE);
}
if (Session->Flags & SESSION_AUTHENTICATED)
{
if (strcmp(Session->UserName,Session->AuthenticatedUser)==0)
{
LogToFile(Settings.LogPath,"AUTH: Session Keep-Alive active, reusing authentication for %s@%s (%s) %s %s",Session->ClientIP,Session->ClientHost,Session->ClientIP,Session->Method,Session->Path);
return(TRUE);
}
else LogToFile(Settings.LogPath,"AUTH: ERROR: Session Keep-Alive active, but user has changed to %s@%s (%s) %s %s. Refusing authentication",Session->ClientIP,Session->ClientHost,Session->ClientIP,Session->Method,Session->Path);
}
//Consider AccessToken Authentication for this URL!
if ((! (Session->Flags & SESSION_AUTHENTICATED)) && (Session->AuthFlags & FLAG_AUTH_ACCESS_TOKEN)) ParseAccessToken(Session);
if (Session->AuthFlags & FLAG_AUTH_PRESENT)
{
//if this looks back-to-front it's because for some methods we only get the username
//after we've completed authentication (e.g. it's taken from a cookie)
//ANYTHING OTHER THAN TRUE FROM AUTHENTICATE MEANS IT FAILED
if ((Authenticate(Session)==TRUE) && StrLen(Session->UserName)) result=TRUE;
//If authentication provided any users settings, then apply those
if (StrLen(Session->UserSettings)) ParseConfigItemList(Session->UserSettings);
//The FLAG_SSL_CERT_REQUIRED flag might have been set by user settings
//during authentication, so check it again here
if (! HTTPServerCheckCertificate(Session, Session->S)) result=FALSE;
if (result) HTTPServerHandleRegister(Session, LOGGED_IN);
else HTTPServerHandleRegister(Session, LOGIN_FAIL);
}
if (result==TRUE)
{
Session->AuthenticatedUser=CopyStr(Session->AuthenticatedUser,Session->UserName);
Session->Flags |= SESSION_AUTHENTICATED;
}
return(result);
}
