Exemple #1
0
static void formDeleteAccessLimit(webs_t wp, char_t *path, char_t *query)
{
	char_t	*url, *ok;

	a_assert(wp);

	url = websGetVar(wp, T("url"), T("")); 
	ok = websGetVar(wp, T("ok"), T("")); 

	websHeader(wp);
	websMsgStart(wp);

	if (gstricmp(ok, T("ok")) != 0) {
		websWrite(wp, T("Delete Access Limit Cancelled"));
	} else if (umDeleteAccessLimit(url) != 0) {
		websWrite(wp, T("ERROR: Unable to delete Access Limit for [%s]"), 
			url);
	} else {
		websWrite(wp, T("Access Limit for [%s], was successfully deleted."), 
			url);
	}

	websMsgEnd(wp);
	websFooter(wp);
	websDone(wp, 200);
}
Exemple #2
0
static void formDeleteGroup(webs_t wp, char_t *path, char_t *query)
{
	char_t	*group, *ok;

	a_assert(wp);

	group = websGetVar(wp, T("group"), T("")); 
	ok = websGetVar(wp, T("ok"), T("")); 

	websHeader(wp);
	websMsgStart(wp);

	if (gstricmp(ok, T("ok")) != 0) {
		websWrite(wp, T("Delete Group Cancelled."));
	} else if ((group == NULL) || (*group == '\0')) {
		websWrite(wp, T("ERROR: No group was selected."));
	} else if (umGetGroupProtected(group)) {
		websWrite(wp, T("ERROR: Group, \"%s\" is delete-protected."), group);
	} else if (umGetGroupInUse(group)) {
		websWrite(wp, T("ERROR: Group, \"%s\" is being used."),	group);
	} else if (umDeleteGroup(group) != 0) {
		websWrite(wp, T("ERROR: Unable to delete group, \"%s\" "), group);
	} else {
		websWrite(wp, T("Group, \"%s\" was successfully deleted."), group);
	}

	websMsgEnd(wp);
	websFooter(wp);
	websDone(wp, 200);
}
Exemple #3
0
static void formDisplayUser(webs_t wp, char_t *path, char_t *query)
{
	char_t	*userid, *ok, *temp;
	bool_t	enabled;

	a_assert(wp);

	userid = websGetVar(wp, T("user"), T("")); 
	ok = websGetVar(wp, T("ok"), T("")); 

	websHeader(wp);
	websWrite(wp, T("<body>"));

	if (gstricmp(ok, T("ok")) != 0) {
		websWrite(wp, T("Display User Cancelled"));
	} else if (umUserExists(userid) == FALSE) {
		websWrite(wp, T("ERROR: User <b>%s</b> not found.\n"), userid);
	} else {
		websWrite(wp, T("<h2>User ID: <b>%s</b></h2>\n"), userid);
		temp = umGetUserGroup(userid);
		websWrite(wp, T("<h3>User Group: <b>%s</b></h3>\n"), temp);
		enabled = umGetUserEnabled(userid);
		websWrite(wp, T("<h3>Enabled: <b>%d</b></h3>\n"), enabled);
	}

	websWrite(wp, T("</body>\n"));
	websFooter(wp);
	websDone(wp, 200);
}
Exemple #4
0
static void formDeleteUser(webs_t wp, char_t *path, char_t *query)
{
	char_t	*userid, *ok;

	a_assert(wp);

	userid = websGetVar(wp, T("user"), T("")); 
	ok = websGetVar(wp, T("ok"), T("")); 

	websHeader(wp);
	websMsgStart(wp);

	if (gstricmp(ok, T("ok")) != 0) {
		websWrite(wp, T("Delete User Cancelled"));
	} else if (umUserExists(userid) == FALSE) {
		websWrite(wp, T("ERROR: User \"%s\" not found"), userid);
	} else if (umGetUserProtected(userid)) {
		websWrite(wp, T("ERROR: User, \"%s\" is delete-protected."), userid);
	} else if (umDeleteUser(userid) != 0) {
		websWrite(wp, T("ERROR: Unable to delete user, \"%s\" "), userid);
	} else {
		websWrite(wp, T("User, \"%s\" was successfully deleted."), userid);
	}

	websMsgEnd(wp);
	websFooter(wp);
	websDone(wp, 200);
}
Exemple #5
0
static void formLoadUserManagement( webs_t wp, char_t* path, char_t* query )
{
    char_t*	ok;
    a_assert( wp );
    ok = websGetVar( wp, T( "ok" ), T( "" ) );
    websHeader( wp );
    websMsgStart( wp );

    if ( gstricmp( ok, T( "ok" ) ) != 0 )
    {
        websWrite( wp, T( "Load Cancelled." ) );
    }

    else if ( umRestore( NULL ) != 0 )
    {
        websWrite( wp, T( "ERROR: Unable to load user configuration." ) );
    }

    else
    {
        websWrite( wp, T( "User configuration was re-loaded successfully." ) );
    }

    websMsgEnd( wp );
    websFooter( wp );
    websDone( wp, 200 );
}
Exemple #6
0
static void formAddAccessLimit(webs_t wp, char_t *path, char_t *query)
{
	char_t			*url, *method, *group, *secure, *ok;
	int				nCheck;
	accessMeth_t	am;
	short			nSecure;

	a_assert(wp);

	url = websGetVar(wp, T("url"), T("")); 
	group = websGetVar(wp, T("group"), T("")); 
	method = websGetVar(wp, T("method"), T("")); 
	secure = websGetVar(wp, T("secure"), T("")); 
	ok = websGetVar(wp, T("ok"), T("")); 

	websHeader(wp);
	websMsgStart(wp);

	if (gstricmp(ok, T("ok")) != 0) {
		websWrite(wp, T("Add Access Limit Cancelled."));
	} else if ((url == NULL) || (*url == 0)) {
		websWrite(wp, T("ERROR:  No URL was entered."));
	} else if (umAccessLimitExists(url)) {
		websWrite(wp, T("ERROR:  An Access Limit for [%s] already exists."),
			url);
	} else {
		if (method && *method) {
			am = (accessMeth_t) gatoi(method);
		} else {
			am = AM_FULL;
		}

		if (secure && *secure) {
			nSecure = (short) gatoi(secure);
		} else {
			nSecure = 0;
		}

		nCheck = umAddAccessLimit(url, am, nSecure, group);
		if (nCheck != 0) {
			websWrite(wp, T("Unable to add Access Limit for [%s]"),	url);
		} else {
			websWrite(wp, T("Access limit for [%s], was successfully added."),
				url);
		}
	}

	websMsgEnd(wp);
	websFooter(wp);
	websDone(wp, 200);
}
Exemple #7
0
static void formSaveUserManagement(webs_t wp, char *path, char *query)
{
	char	*ok;

	a_assert(wp);

	ok = websGetVar(wp, T("ok"), T("")); 

	websHeader(wp);
	websMsgStart(wp);

	if (gstricmp(ok, T("ok")) != 0) {
		websWrite(wp, T("Save Cancelled."));
	} else if (umCommit(NULL) != 0) {
		websWrite(wp, T("ERROR: Unable to save user configuration."));
	} else {
		websWrite(wp, T("User configuration was saved successfully."));
	}

	websMsgEnd(wp);
	websFooter(wp);
	websDone(wp, 200);
}
Exemple #8
0
static void formAddUser(webs_t wp, char_t *path, char_t *query)
{
	char_t	*userid, *pass1, *pass2, *group, *enabled, *ok;
	bool_t bDisable;
	int	nCheck;

	a_assert(wp);

	userid = websGetVar(wp, T("user"), T("")); 
	pass1 = websGetVar(wp, T("password"), T("")); 
	pass2 = websGetVar(wp, T("passconf"), T("")); 
	group = websGetVar(wp, T("group"), T("")); 
	enabled = websGetVar(wp, T("enabled"), T("")); 
	ok = websGetVar(wp, T("ok"), T("")); 

	websHeader(wp);
	websMsgStart(wp);

	if (gstricmp(ok, T("ok")) != 0) {
		websWrite(wp, T("Add User Cancelled"));
	} else if (gstrcmp(pass1, pass2) != 0) {
		websWrite(wp, T("Confirmation Password did not match."));
	} else {
		if (enabled && *enabled && (gstrcmp(enabled, T("on")) == 0)) {
			bDisable = FALSE;
		} else {
			bDisable = TRUE;
		}

		nCheck = umAddUser(userid, pass1, group, 0, bDisable);
		if (nCheck != 0) {
			char_t * strError;

			switch (nCheck) {
			case UM_ERR_DUPLICATE:
				strError = T("User already exists.");
				break;

			case UM_ERR_BAD_NAME:
				strError = T("Invalid user name.");
				break;

			case UM_ERR_BAD_PASSWORD:
				strError = T("Invalid password.");
				break;

			case UM_ERR_NOT_FOUND:
				strError = T("Invalid or unselected group.");
				break;

			default:
				strError = T("Error writing user record.");
				break;
			}

			websWrite(wp, T("Unable to add user, \"%s\".  %s"),
				userid, strError);
		} else {
			websWrite(wp, T("User, \"%s\" was successfully added."),
				userid);
		}
	}

	websMsgEnd(wp);
	websFooter(wp);
	websDone(wp, 200);
}
Exemple #9
0
static void formAddGroup(webs_t wp, char_t *path, char_t *query)
{
	char_t			*group, *enabled, *privilege, *method, *ok, *pChar;
	int				nCheck;
	short			priv;
	accessMeth_t	am;
	bool_t			bDisable;

	a_assert(wp);

	group = websGetVar(wp, T("group"), T("")); 
	method = websGetVar(wp, T("method"), T("")); 
	enabled = websGetVar(wp, T("enabled"), T("")); 
	privilege = websGetVar(wp, T("privilege"), T("")); 
	ok = websGetVar(wp, T("ok"), T("")); 

	websHeader(wp);
	websMsgStart(wp);

	if (gstricmp(ok, T("ok")) != 0) {
		websWrite(wp, T("Add Group Cancelled."));
	} else if ((group == NULL) || (*group == 0)) {
		websWrite(wp, T("No Group Name was entered."));
	} else if (umGroupExists(group)) {
		websWrite(wp, T("ERROR: Group, \"%s\" already exists."), group);
	} else {
		if (privilege && *privilege) {
/*
 *			privilege is a mulitple <SELECT> var, and must be parsed.
 *			Values for these variables are space delimited.
 */
			priv = 0;
			for (pChar = privilege; *pChar; pChar++) {
				if (*pChar == ' ') {
					*pChar = '\0';
					priv |= gatoi(privilege);
					*pChar = ' ';
					privilege = pChar + 1;
				}
			}
			priv |= gatoi(privilege);
		} else {
			priv = 0;
		}

		if (method && *method) {
			am = (accessMeth_t) gatoi(method);
		} else {
			am = AM_FULL;
		}

		if (enabled && *enabled && (gstrcmp(enabled, T("on")) == 0)) {
			bDisable = FALSE;
		} else {
			bDisable = TRUE;
		}

		nCheck = umAddGroup(group, priv, am, 0, bDisable);
		if (nCheck != 0) {
			websWrite(wp, T("Unable to add group, \"%s\", code: %d "),
				group, nCheck);
		} else {
			websWrite(wp, T("Group, \"%s\" was successfully added."), 
				group);
		}
	}

	websMsgEnd(wp);
	websFooter(wp);
	websDone(wp, 200);
}
Exemple #10
0
int serveconnection(int sockfd)
{
	FILE *in;
	char tempdata[8192], *ptr, *ptr2, *host_ptr1, *host_ptr2;
	char tempstring[8192], mimetype[50];
	char filename[255];
	unsigned int loop=0, flag=0;
	int numbytes=0;
	struct sockaddr_in sa;
	int addrlen = sizeof(struct sockaddr_in);
	t_vhost *thehost;
	
	thehost = &defaulthost;

// tempdata is the full header, tempstring is just the command

	while(!strstr(tempdata, "\r\n\r\n") && !strstr(tempdata, "\n\n"))
	{	
		if((numbytes=recv(sockfd, tempdata+numbytes, 4096-numbytes, 0))==-1)
			return -1;
	}
	for(loop=0; loop<4096 && tempdata[loop]!='\n' && tempdata[loop]!='\r'; loop++)
		tempstring[loop] = tempdata[loop];
	
	tempstring[loop] = '\0';
	ptr = strtok(tempstring, " ");
	if(ptr == 0) return -1;
	if(strcmp(ptr, "GET")) 
	{
		strcpy(filename, SERVERROOT);
		strcat(filename, "/cmderror.html");
		goto sendpage;
	}
	ptr = strtok(NULL, " ");
	if(ptr == NULL)
	{
		strcpy(filename, SERVERROOT);
		strcat(filename, "/cmderror.html");
		goto sendpage;
	}

	host_ptr1 = strstr(tempdata, "Host:");
	if(host_ptr1)
	{
		host_ptr2 = strtok(host_ptr1+6, " \r\n\t");
		
		for(loop=0; loop<no_vhosts; loop++)
			if(!gstricmp(vhosts[loop].host, host_ptr2))
				thehost = &vhosts[loop];
	}	
	else
		thehost = &defaulthost;
	if(strstr(ptr, "/.."))
	{
		strcpy(filename, SERVERROOT);
		strcat(filename, "/404.html");
		goto sendpage;
	}

	getpeername(sockfd, (struct sockaddr *)&sa, &addrlen);
	Log("Connection from %s, request = \"GET %s\"", inet_ntoa(sa.sin_addr), ptr);

	if(!strncmp(ptr, thehost->CGIBINDIR, strlen(thehost->CGIBINDIR)))
	{/* Trying to execute a cgi-bin file ? lets check */
		ptr2 = strstr(ptr, "?");
		if(ptr2!=NULL) { ptr2[0] = '\0'; flag = 1; }

		strcpy(filename, thehost->CGIBINROOT);
		ptr += strlen(thehost->CGIBINDIR);
		strcat(filename, ptr);

		// Filename = program to execute
		// ptr = filename in cgi-bin dir
		// ptr2+1 = parameters

		if(does_file_exist(filename)==TRUE && isDirectory(filename)==FALSE)
		{
			if(send(sockfd, "HTTP/1.1 200 OK\n", 16, 0)==-1)
			{
				fclose(in);
				return -1;
			}
			if(send(sockfd, "Server: "SERVERNAME"\n", strlen("Server: "SERVERNAME"\n"), 0)==-1)
			{
				fclose(in);
				return -1;
			}
			
			// Is a CGI-program that needs executing
			if(0 != dup2(sockfd, 0) || 1 != dup2(sockfd, 1))
				return -1;

			setbuf(stdin, 0);
			setbuf(stdout, 0);
			if(flag==1) setenv("QUERY_STRING", ptr2+1, 1);
			
			chdir(thehost->CGIBINROOT);
			
			execl(filename, "");
		}
		strcpy(filename, SERVERROOT);
		strcat(filename, "/cgierror.html");
		goto sendpage;
	}	

	strcpy(filename, thehost->DOCUMENTROOT);
	strcat(filename, ptr);
	      
	if(does_file_exist(filename)==FALSE)
	{		
		if(filename[strlen(filename)-1] == '/')
			strcat(filename, thehost->DEFAULTPAGE);
		else
		{
			strcat(filename, "/");
			strcat(filename, thehost->DEFAULTPAGE);
		}
		if(does_file_exist(filename) == FALSE)
		{
			filename[strlen(filename)-strlen(thehost->DEFAULTPAGE)-1] = '\0'; // Get rid of the /index.. 
			if(isDirectory(filename) == TRUE) { showdir(filename, sockfd, thehost); return 0; }
	
			// File does not exist, so we need to display the 404 error page..
			strcpy(filename, SERVERROOT);
			strcat(filename, "/404.html");
		}	
	
	}
sendpage:
	if((in = fopen(filename, "rb"))==NULL)
		return -1;
	
	fseek(in, 0, SEEK_END);
	
	if(send(sockfd, "HTTP/1.1 200 OK\n", 16, 0)==-1)
	{
		fclose(in);
		return -1;
	}
	if(send(sockfd, "Server: "SERVERNAME"\n", strlen("Server: "SERVERNAME"\n"), 0)==-1)
	{
		fclose(in);
		return -1;
	}
	sprintf(tempstring, "Content-Length: %d\n", ftell(in));
	if(send(sockfd, tempstring, strlen(tempstring), 0)==-1)
	{
		fclose(in);
		return -1;
	}

	getmimetype(filename, mimetype);
	sprintf(tempstring, "Content-Type: %s\n\n", mimetype);
	if(send(sockfd, tempstring, strlen(tempstring), 0)==-1)
	{
		fclose(in);
		return -1;
	}
	
	fseek(in, 0, SEEK_SET);

	while(!feof(in))
	{
		numbytes = fread(tempdata, 1, 1024, in);
		if(send(sockfd, tempdata, numbytes, 0)==-1)
		{
			fclose(in);
			return -1;
		}
	}
	fclose(in);

	close(sockfd);	
	return 0;
}
Exemple #11
0
int dbSearchStr(int did, char_t *tablename, 
	char_t *colName, char_t *value, int flags)
{
	int			tid, nRows, nColumns, column;
   int match = 0;
	dbTable_t	*pTable;

	a_assert(tablename);
	a_assert(colName);
	a_assert(value);

	tid = dbGetTableId(0, tablename);
	a_assert(tid >= 0);

	if ((tid >= 0) && (tid < dbMaxTables) && (dbListTables[tid] != NULL)) {
		pTable = dbListTables[tid];
	} else {
		return DB_ERR_TABLE_NOT_FOUND;
	}
	
	nColumns = pTable->nColumns;
	nRows = pTable->nRows;
	column = GetColumnIndex(tid, colName);
	a_assert (column >= 0);

	if (column >= 0) {
		char_t	*compareVal;
		int		row, *pRow;
/*
 *		Scan through rows until we find a match.
 *		Note that some of these rows may be deleted!
 */
		row = 0;
		while (row < nRows) {
			pRow = pTable->rows[row];
			if (pRow) {
				compareVal = (char_t *)(pRow[column]); 
            if (NULL != compareVal)
            {
              if (DB_CASE_INSENSITIVE == flags)
              {
                 match = gstricmp(compareVal, value);
              }
              else
              {
                 match = gstrcmp(compareVal, value);
              }
              if (0 == match)
              {
                 return row;
              }
            }
			}
			row++;
		}
	} else { 
/*
 *		Return -2 if search column was not found
 */
		trace(3, T("DB: Unable to find column <%s> in table <%s>\n"), 
			colName, tablename);
		return DB_ERR_COL_NOT_FOUND;
	}

	return -1;
}