int main(int argc, char **argv) { char *author; char *title; CGI_varlist *varlist; CGI_varlist *redirect_vars; CGI_value *value; char *reason; cl = clnt_create(PAPER_ADDRESS, PAPERSERVER_PROG, PAPERSERVER_VERS, "tcp"); if (cl == NULL) { // sprintf(reason, "Error creating RPC client %s", strerror(errno)); redirect_vars = CGI_add_var(NULL, "reason", "Error creating RPC client"); printf("Status: 303\nLocation: %s%s%s\n\n", WEB_BASEPHP, "/papererror.php?", CGI_encode_varlist(redirect_vars, NULL)); // perror("Error creating RPC client!"); CGI_free_varlist(redirect_vars); exit(1); } // fputs("Content-type: text/plain\r\n\r\n", stdout); varlist = CGI_get_all("/tmp/cgi-upload-XXXXXX"); author = CGI_lookup(varlist, "author"); title = CGI_lookup(varlist, "title"); value = CGI_lookup_all(varlist, "fileToUpload"); if (value == 0 || value[1] == 0) { redirect_vars = CGI_add_var(NULL, "reason", "No file was uploaded"); printf("Status: 303\nLocation: %s%s%s\n\n", WEB_BASEPHP, "/papererror.php?", CGI_encode_varlist(redirect_vars, NULL)); CGI_free_varlist(redirect_vars); // fputs("No file was uploaded\r\n", stdout); } else { // printf("Author: %s\n Title: %s\n", author, title); // printf("Your file \"%s\" was uploaded to my file \"%s\"\r\n", // value[1], value[0]); add_article(author, title, strdup(value[0]), strdup(value[1])); /* Do something with the file here */ unlink(value[0]); } CGI_free_varlist(varlist); clnt_destroy(cl); return 0; }
/** * @internal * * Returns a string from the request, either for GET, POST or COOKIE. */ ctr_object* ctr_request_string(ctr_object* myself, ctr_argument* argumentList, CGI_varlist* varlist) { ctr_object* cgiVarObject; char* cgiVar; char* value; cgiVarObject = ctr_internal_cast2string(argumentList->object); cgiVar = ctr_heap_allocate_cstring( cgiVarObject ); value = (char*) CGI_lookup(varlist, (const char*)cgiVar); ctr_heap_free( cgiVar ); if (value == NULL) return CtrStdNil; return ctr_build_string_from_cstring(value); }
int main(int argc, char **argv) { CGI_varlist *varlist; const char *value; if ((varlist = CGI_get_all(0)) == 0) { fputs("Content-type: text/plain\r\n\r\n", stdout); printf("No CGI data received\r\n"); return 0; } value = CGI_lookup(varlist, "id"); cl = clnt_create(PAPER_ADDRESS, PAPERSERVER_PROG, PAPERSERVER_VERS, "tcp"); if (cl == NULL) { fputs("Content-type: text/plain\r\n\r\n", stdout); perror("Error creating RPC client!"); CGI_free_varlist(varlist); /* free variable list */ exit(1); } if (value != NULL) { get_article_info(value); } else { printf("Content-Type: text/plain\n\n"); printf("id value missing\n\n"); } CGI_free_varlist(varlist); /* free variable list */ clnt_destroy(cl); return 0; }
int main(int argc, char **argv) { CLIENT *cl; CGI_varlist *varlist; int value; const char *author = "author"; const char *title = "title"; const char *file = "file"; const char* authorTmp; const char* titleTmp; CGI_value* fileValue; char* authorVal; char* titleVal; char* fileVal; if ((varlist = CGI_get_all("/tmp/cgi-upload-XXXXXX")) == NULL || varlist == 0) { redirectError("No CGI data received"); return 0; } if((varlist = CGI_get_post(varlist, "/tmp/cgi-upload-XXXXXX")) == NULL || varlist == 0) { redirectError("No CGI post data received"); return 0; } if(((authorTmp = CGI_lookup(varlist, author)) == NULL) || strlen(authorTmp) == 0) { redirectError("Did not receive Author data"); return 0; } if(((titleTmp = CGI_lookup(varlist, title)) == NULL) || strlen(titleTmp) == 0) { redirectError("Did not receive Title data "); return 0; } if(((fileValue = CGI_lookup_all(varlist, file)) == NULL)) { redirectError("Did not receive File data"); return 0; } if(fileValue == 0 || fileValue[1] == 0){ redirectError("No file was uploaded"); return 0; } authorVal = (char*) malloc(strlen(authorTmp)*sizeof(char)); titleVal = (char*) malloc(strlen(titleTmp)*sizeof(char)); fileVal = (char*) malloc(strlen(fileValue[0])*sizeof(char)); strcpy(authorVal, authorTmp); strcpy(titleVal, titleTmp); strcpy(fileVal, fileValue[0]); CGI_free_varlist(varlist); cl = createClient(); value = addArticle(cl, authorVal, titleVal, fileVal); clnt_destroy(cl); if(value < 0){ redirectError("Add Article Error"); } redirectSuccess(value); return value; }
int main(int argc, char **argv) { CGI_varlist *vl; int tlen = strlen(TMP_PATH); FILE *log; const char *name, *dir; char prefix[BUFSIZ] = UPL_PATH, dst[BUFSIZ], srv[BUFSIZ], *p = getenv("SCRIPT_NAME"); umask(umask((mode_t)0)|S_IWUSR|S_IWGRP|S_IWOTH|S_IXUSR|S_IXGRP|S_IXOTH); printf("Content-type: text/plain\r\n\r\n"); if(p != NULL) /* The CGI-reported basename must be the target server */ { char genbuf[BUFSIZ]; if(strlcpy(dst, p, BUFSIZ) >= BUFSIZ) return 1; /* These are self- */ if((p = strrchr(dst, '/')) != NULL) p++; else p = dst; if(strlcpy(genbuf, p, BUFSIZ) >= BUFSIZ) return 1; /* inflicted errors */ if(strlcpy(srv, p, BUFSIZ) >= BUFSIZ) return 1; /* that users should*/ if((p = strchr(genbuf, '.')) != NULL) *p = '\0'; if((p = strchr(srv, '.')) != NULL) *p = '\0'; if(strlcat(prefix, genbuf, BUFSIZ) >= BUFSIZ || strlcat(prefix, "-", BUFSIZ) >= BUFSIZ) return 1; /* not normally see */ } else { e("config error"); return 1; } if((log = fopen(LOG_PATH, "a")) == NULL) { e("log error"); return 1; } if((vl = CGI_get_all(TMP_PATH"-XXXXXX")) == 0 ) { e("nodata"); return 1; } /*All files received--force to disk: sync && echo 3 > /proc/sys/vm/drop_caches*/ sync(); /* Suggest to disk */ if((dir = CGI_lookup(vl, "dir"))) { FILE *dirs = fopen(DIR_PATH, "r"); /* SMB server permitted directories */ char genbuf[BUFSIZ], f = 1; if(!dirs) { e("no dir"); return 1; } while(fgets(genbuf, BUFSIZ, dirs)) { /* Remove the fgets-included newline */ if((p = strrchr(genbuf, '\n')) != NULL) *p = '\0'; if(!strcmp(genbuf, dir)) { f = 0; break; } } fclose(dirs); if(f) { e("no dir"); return 1; } } else { e("no dir"); return 1; } printf("%s\n", dir); for(name = CGI_first_name(vl); name != 0; name = CGI_next_name(vl)) { int i; CGI_value *val; if(!(val = CGI_lookup_all(vl, 0))) continue; for(i = 0; val[i]; i++) { struct stat junk_buf; /* Does filename match TMP_PATH, and exist? */ if(!strncmp(val[i], TMP_PATH, tlen) && !stat(val[i], &junk_buf)) { /* RFC-1867 files come in name pairs, and the index must be advanced. */ FILE *goodfile; const char *z; time_t epoch = time(NULL); struct tm *now = localtime(&epoch); int j = i++; /* Now, val[j] == tmp_name, val[i] == user's sent name. */ strftime(dst, BUFSIZ, "%y/%m/%d %H:%M:%S", now); fprintf(log, "%s %s %s", dst, getenv("REMOTE_ADDR"), val[i]); if((z = strrchr(val[i], '/')) != NULL) z++; else z = val[i]; if((p = strrchr(z, '\\')) != NULL) z = p + 1; /* IE sends full path. */ if(strlcpy(dst, prefix, BUFSIZ) >= BUFSIZ || strlcat(dst, z, BUFSIZ) >= BUFSIZ) /* Skip if basename oversized. */ { e("error\n"); fprintf(log, " _FLEN-RETAINED_ %s\n", val[j]); continue; } if(link(val[j], dst) && /* On link failure, try to keep this data. */ (strlcat(dst, val[j] + tlen, BUFSIZ) >= BUFSIZ || /* new filename */ link(val[j], dst))) /* mkstemp suffix appended */ { printf("name_error\t%s\n", val[i]); fprintf(log, " _LINK-RETAINED_ %s\n", val[j]); continue; } else fprintf(log, " _RENAMED_ %s", dst); if(unlink(val[j])) { printf("tmp_error\t%s\n", val[i]); /* This is not a fatal error */ fprintf(log, " _UNLINK-RETAINED_ %s", val[j]); } fprintf(log,"\n"); if((goodfile = fopen(dst, "r"))) { SHA256_CTX ctx; uchar buf[BUFSIZ]; char cmd[BUFSIZ], dirbuf[BUFSIZ]; /* Report the sha256sum--at least client can verify this leg of the trip */ sha256_init(&ctx); while((j = fread(buf, 1, BUFSIZ, goodfile))) sha256_update(&ctx, buf, j); sha256_final(&ctx, buf); fclose(goodfile); for(j = 0; j < 32; j++) printf("%02x", buf[j]); printf("\t%s\n", val[i]); /* Build the smbclient command line - add -e for encryption if desired */ if(strlcpy(cmd, "smbclient -mSMB3 -A/usr/local/etc/.", BUFSIZ) >= BUFSIZ || strlcat(cmd, srv, BUFSIZ) >= BUFSIZ ||/*Note:smbclient didn't get*/ strlcat(cmd, ".auth '//", BUFSIZ) >= BUFSIZ ||/* SMB3 until Samba v4.1*/ strlcat(cmd, srv, BUFSIZ) >= BUFSIZ) { E(); continue; } if(*dir != '/' && strlcat(cmd, "/", BUFSIZ) >= BUFSIZ) { E(); continue; } if( strlcpy(dirbuf, dir, BUFSIZ) >= BUFSIZ) { E(); continue; } if((p = strchr(dirbuf + 1, '/')) != NULL) { /* Pull the share name off, then cd to subdir */ *p = '\0'; if(strlcat(cmd, dirbuf, BUFSIZ) >= BUFSIZ || strlcat(cmd, "' -c 'cd \"", BUFSIZ) >= BUFSIZ || strlcat(cmd, p + 1, BUFSIZ) >= BUFSIZ || strlcat(cmd, "\"; ", BUFSIZ) >= BUFSIZ) { E(); continue; } } /* smbclient doesn't cd properly if this isn't done */ else { /* No subdir, so put directly */ if(strlcat(cmd, dir, BUFSIZ) >= BUFSIZ || strlcat(cmd, "' -c '", BUFSIZ) >= BUFSIZ) { E(); continue; } } if(strlcat(cmd, "put \"", BUFSIZ) >= BUFSIZ || strlcat(cmd, dst, BUFSIZ) >= BUFSIZ || strlcat(cmd, "\" \"", BUFSIZ) >= BUFSIZ || strlcat(cmd, z, BUFSIZ) >= BUFSIZ || strlcat(cmd, "\"; dir \"", BUFSIZ) >= BUFSIZ || strlcat(cmd, z, BUFSIZ) >= BUFSIZ || strlcat(cmd, "\"' 2>&1", BUFSIZ) >= BUFSIZ) { E(); continue; } fprintf(log, "%s\n", cmd); if((goodfile = popen(cmd, "r"))) /* Run the SMB transfer */ { while(fgets(cmd, BUFSIZ, goodfile)) printf("%s", cmd); pclose(goodfile); } } } } } CGI_free_varlist(vl); fclose(log); fflush(NULL); return 0; }