/*************************************************************************** setup the cgi framework, handling the possability that this program is either run as a true cgi program by a web browser or is itself a mini web server ***************************************************************************/ void cgi_setup(char *rootdir) { int authenticated = 0; char line[1024]; char *url=NULL; char *p; if (chdir(rootdir)) { cgi_setup_error("400 Server Error", "", "chdir failed - the server is not configured correctly"); } if (getenv("CONTENT_LENGTH") || getenv("REQUEST_METHOD")) { /* assume we are running under a real web server */ return; } /* we are a mini-web server. We need to read the request from stdin and handle authentication etc */ while (fgets(line, sizeof(line)-1, stdin)) { if (line[0] == '\r' || line[0] == '\n') break; if (strncasecmp(line,"GET ", 4)==0) { request_get = 1; url = strdup(&line[4]); } else if (strncasecmp(line,"POST ", 5)==0) { request_post = 1; url = strdup(&line[5]); } else if (strncasecmp(line,"PUT ", 4)==0) { cgi_setup_error("400 Bad Request", "", "This server does not accept PUT requests"); } else if (strncasecmp(line,"Authorization: ", 15)==0) { authenticated = cgi_handle_authorization(&line[15]); } else if (strncasecmp(line,"Content-Length: ", 16)==0) { content_length = atoi(&line[16]); } /* ignore all other requests! */ } if (!authenticated) { cgi_setup_error("401 Authorization Required", "WWW-Authenticate: Basic realm=\"root\"\r\n", "You must be authenticated to use this service"); } if (!url) { cgi_setup_error("400 Bad Request", "", "You must specify a GET or POST request"); } /* trim the URL */ if ((p = strchr(url,' ')) || (p=strchr(url,'\t'))) { *p = 0; } while (*url && strchr("\r\n",url[strlen(url)-1])) { url[strlen(url)-1] = 0; } /* anything following a ? in the URL is part of the query string */ if ((p=strchr(url,'?'))) { query_string = p+1; *p = 0; } if (strcmp(url,"/")) { cgi_download(url+1); } printf("HTTP/1.1 200 OK\r\nConnection: close\r\n"); }
/** * @brief Setup the CGI framework. * * Setup the cgi framework, handling the possibility that this program * is either run as a true CGI program with a gateway to a web server, or * is itself a mini web server. **/ void cgi_setup(const char *rootdir, int auth_required) { bool authenticated = False; char line[1024]; char *url=NULL; char *p; char *lang; if (chdir(rootdir)) { cgi_setup_error("500 Server Error", "", "chdir failed - the server is not configured correctly"); } /* Handle the possibility we might be running as non-root */ sec_init(); if ((lang=getenv("HTTP_ACCEPT_LANGUAGE"))) { /* if running as a cgi program */ web_set_lang(lang); } /* maybe we are running under a web server */ if (getenv("CONTENT_LENGTH") || getenv("REQUEST_METHOD")) { if (auth_required) { cgi_web_auth(); } return; } inetd_server = True; if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) { cgi_setup_error("403 Forbidden", "", "Samba is configured to deny access from this client\n<br>Check your \"hosts allow\" and \"hosts deny\" options in smb.conf "); } /* we are a mini-web server. We need to read the request from stdin and handle authentication etc */ while (fgets(line, sizeof(line)-1, stdin)) { if (line[0] == '\r' || line[0] == '\n') break; if (strnequal(line,"GET ", 4)) { got_request = True; url = SMB_STRDUP(&line[4]); } else if (strnequal(line,"POST ", 5)) { got_request = True; request_post = 1; url = SMB_STRDUP(&line[5]); } else if (strnequal(line,"PUT ", 4)) { got_request = True; cgi_setup_error("400 Bad Request", "", "This server does not accept PUT requests"); } else if (strnequal(line,"Authorization: ", 15)) { authenticated = cgi_handle_authorization(&line[15]); } else if (strnequal(line,"Content-Length: ", 16)) { content_length = atoi(&line[16]); } else if (strnequal(line,"Accept-Language: ", 17)) { web_set_lang(&line[17]); } /* ignore all other requests! */ } if (auth_required && !authenticated) { cgi_auth_error(); } if (!url) { cgi_setup_error("400 Bad Request", "", "You must specify a GET or POST request"); } /* trim the URL */ if ((p = strchr_m(url,' ')) || (p=strchr_m(url,'\t'))) { *p = 0; } while (*url && strchr_m("\r\n",url[strlen(url)-1])) { url[strlen(url)-1] = 0; } /* anything following a ? in the URL is part of the query string */ if ((p=strchr_m(url,'?'))) { query_string = p+1; *p = 0; } string_sub(url, "/swat/", "", 0); if (url[0] != '/' && strstr(url,"..")==0) { cgi_download(url); } printf("HTTP/1.0 200 OK\r\nConnection: close\r\n"); printf("Date: %s\r\n", http_timestring(time(NULL))); baseurl = ""; pathinfo = url+1; }