summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>1998-11-21 01:41:14 +0000
committerAndrew Tridgell <tridge@samba.org>1998-11-21 01:41:14 +0000
commit42e96160d373885007c4f9cc6e6b5b69e04a998b (patch)
treeb9340cc2ad55f9f143b70be2d62a81b86021830f
parent091a92e9962a9526dd355b8f6c2e57b0fba167ab (diff)
downloadsamba-42e96160d373885007c4f9cc6e6b5b69e04a998b.tar.gz
samba-42e96160d373885007c4f9cc6e6b5b69e04a998b.tar.bz2
samba-42e96160d373885007c4f9cc6e6b5b69e04a998b.zip
make SWAT obey the global "hosts allow" and "hosts deny" settings.
any attempt to run swat from a host that is disallowed will give an error. (This used to be commit fe4ef4bbef01aed75807c884249ca8efa5de4140)
-rw-r--r--source3/web/cgi.c25
-rw-r--r--source3/web/swat.c17
2 files changed, 29 insertions, 13 deletions
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 009244e595..275bf8999f 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -46,6 +46,7 @@ static char *baseurl;
static char *pathinfo;
static char *C_user;
static BOOL inetd_server;
+static BOOL got_request;
static void unescape(char *buf)
{
@@ -253,7 +254,21 @@ tell a browser about a fatal error in the http processing
***************************************************************************/
static void cgi_setup_error(char *err, char *header, char *info)
{
- printf("HTTP/1.0 %s\r\n%sConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>%s</H1>%s<p></BODY></HTML>\r\n", err, header, err, err, info);
+ if (!got_request) {
+ /* damn browsers don't like getting cut off before they give a request */
+ char line[1024];
+ while (fgets(line, sizeof(line)-1, stdin)) {
+ if (strncasecmp(line,"GET ", 4)==0 ||
+ strncasecmp(line,"POST ", 5)==0 ||
+ strncasecmp(line,"PUT ", 4)==0) {
+ break;
+ }
+ }
+ }
+
+ printf("HTTP/1.0 %s\r\n%sConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>%s</H1>%s<p></BODY></HTML>\r\n\r\n", err, header, err, err, info);
+ fclose(stdin);
+ fclose(stdout);
exit(0);
}
@@ -492,6 +507,11 @@ void cgi_setup(char *rootdir, int auth_required)
inetd_server = True;
+ if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) {
+ cgi_setup_error("400 Server Error", "",
+ "Samba is configured to deny access from this client\n<br>Check your \"hosts allow\" and \"hosts deny\" options in smb.conf ");
+ }
+
#if CGI_LOGGING
f = sys_fopen("/tmp/cgi.log", "a");
if (f) fprintf(f,"\n[Date: %s %s (%s)]\n",
@@ -507,11 +527,14 @@ void cgi_setup(char *rootdir, int auth_required)
#endif
if (line[0] == '\r' || line[0] == '\n') break;
if (strncasecmp(line,"GET ", 4)==0) {
+ got_request = True;
url = strdup(&line[4]);
} else if (strncasecmp(line,"POST ", 5)==0) {
+ got_request = True;
request_post = 1;
url = strdup(&line[5]);
} else if (strncasecmp(line,"PUT ", 4)==0) {
+ got_request = True;
cgi_setup_error("400 Bad Request", "",
"This server does not accept PUT requests");
} else if (strncasecmp(line,"Authorization: ", 15)==0) {
diff --git a/source3/web/swat.c b/source3/web/swat.c
index 8c5ac782a3..ed139e2483 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -382,12 +382,9 @@ static void commit_parameters(int snum)
/****************************************************************************
load the smb.conf file into loadparm.
****************************************************************************/
-static void load_config(void)
+static BOOL load_config(void)
{
- if (!lp_load(servicesf,False,True,False)) {
- printf("<b>Can't load %s - using defaults</b><p>\n",
- servicesf);
- }
+ return lp_load(servicesf,False,True,False);
}
/****************************************************************************
@@ -909,17 +906,13 @@ static void printers_page(void)
}
}
+ charset_initialise();
+ load_config();
+
cgi_setup(SWATDIR, !demo_mode);
print_header();
- charset_initialise();
-
- /* if this binary is setuid then run completely as root */
- setuid(0);
-
- load_config();
-
cgi_load_variables(NULL);
show_main_buttons();