/***************************************************************************
setup the cgi framework, handling the possability that this program is either
run as a true cgi program by a web browser or is itself a mini web server
***************************************************************************/
void cgi_setup(char *rootdir)
{
int authenticated = 0;
char line[1024];
char *url=NULL;
char *p;
if (chdir(rootdir)) {
cgi_setup_error("400 Server Error", "",
"chdir failed - the server is not configured correctly");
}
if (getenv("CONTENT_LENGTH") || getenv("REQUEST_METHOD")) {
/* assume we are running under a real web server */
return;
}
/* we are a mini-web server. We need to read the request from stdin
and handle authentication etc */
while (fgets(line, sizeof(line)-1, stdin)) {
if (line[0] == '\r' || line[0] == '\n') break;
if (strncasecmp(line,"GET ", 4)==0) {
request_get = 1;
url = strdup(&line[4]);
} else if (strncasecmp(line,"POST ", 5)==0) {
request_post = 1;
url = strdup(&line[5]);
} else if (strncasecmp(line,"PUT ", 4)==0) {
cgi_setup_error("400 Bad Request", "",
"This server does not accept PUT requests");
} else if (strncasecmp(line,"Authorization: ", 15)==0) {
authenticated = cgi_handle_authorization(&line[15]);
} else if (strncasecmp(line,"Content-Length: ", 16)==0) {
content_length = atoi(&line[16]);
}
/* ignore all other requests! */
}
if (!authenticated) {
cgi_setup_error("401 Authorization Required",
"WWW-Authenticate: Basic realm=\"root\"\r\n",
"You must be authenticated to use this service");
}
if (!url) {
cgi_setup_error("400 Bad Request", "",
"You must specify a GET or POST request");
}
/* trim the URL */
if ((p = strchr(url,' ')) || (p=strchr(url,'\t'))) {
*p = 0;
}
while (*url && strchr("\r\n",url[strlen(url)-1])) {
url[strlen(url)-1] = 0;
}
/* anything following a ? in the URL is part of the query string */
if ((p=strchr(url,'?'))) {
query_string = p+1;
*p = 0;
}
if (strcmp(url,"/")) {
cgi_download(url+1);
}
printf("HTTP/1.1 200 OK\r\nConnection: close\r\n");
}
/**
* @brief Setup the CGI framework.
*
* Setup the cgi framework, handling the possibility that this program
* is either run as a true CGI program with a gateway to a web server, or
* is itself a mini web server.
**/
void cgi_setup(const char *rootdir, int auth_required)
{
bool authenticated = False;
char line[1024];
char *url=NULL;
char *p;
char *lang;
if (chdir(rootdir)) {
cgi_setup_error("500 Server Error", "",
"chdir failed - the server is not configured correctly");
}
/* Handle the possibility we might be running as non-root */
sec_init();
if ((lang=getenv("HTTP_ACCEPT_LANGUAGE"))) {
/* if running as a cgi program */
web_set_lang(lang);
}
/* maybe we are running under a web server */
if (getenv("CONTENT_LENGTH") || getenv("REQUEST_METHOD")) {
if (auth_required) {
cgi_web_auth();
}
return;
}
inetd_server = True;
if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) {
cgi_setup_error("403 Forbidden", "",
"Samba is configured to deny access from this client\n<br>Check your \"hosts allow\" and \"hosts deny\" options in smb.conf ");
}
/* we are a mini-web server. We need to read the request from stdin
and handle authentication etc */
while (fgets(line, sizeof(line)-1, stdin)) {
if (line[0] == '\r' || line[0] == '\n') break;
if (strnequal(line,"GET ", 4)) {
got_request = True;
url = SMB_STRDUP(&line[4]);
} else if (strnequal(line,"POST ", 5)) {
got_request = True;
request_post = 1;
url = SMB_STRDUP(&line[5]);
} else if (strnequal(line,"PUT ", 4)) {
got_request = True;
cgi_setup_error("400 Bad Request", "",
"This server does not accept PUT requests");
} else if (strnequal(line,"Authorization: ", 15)) {
authenticated = cgi_handle_authorization(&line[15]);
} else if (strnequal(line,"Content-Length: ", 16)) {
content_length = atoi(&line[16]);
} else if (strnequal(line,"Accept-Language: ", 17)) {
web_set_lang(&line[17]);
}
/* ignore all other requests! */
}
if (auth_required && !authenticated) {
cgi_auth_error();
}
if (!url) {
cgi_setup_error("400 Bad Request", "",
"You must specify a GET or POST request");
}
/* trim the URL */
if ((p = strchr_m(url,' ')) || (p=strchr_m(url,'\t'))) {
*p = 0;
}
while (*url && strchr_m("\r\n",url[strlen(url)-1])) {
url[strlen(url)-1] = 0;
}
/* anything following a ? in the URL is part of the query string */
if ((p=strchr_m(url,'?'))) {
query_string = p+1;
*p = 0;
}
string_sub(url, "/swat/", "", 0);
if (url[0] != '/' && strstr(url,"..")==0) {
cgi_download(url);
}
printf("HTTP/1.0 200 OK\r\nConnection: close\r\n");
printf("Date: %s\r\n", http_timestring(time(NULL)));
baseurl = "";
pathinfo = url+1;
}
