diff options
author | Andrew Tridgell <tridge@samba.org> | 1999-12-13 13:27:58 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1999-12-13 13:27:58 +0000 |
commit | 3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7 (patch) | |
tree | 866dd15416c3d8554bb207709f433a87ad0c012d /source3/web/cgi.c | |
parent | f6276724bafdb6145c0c7b565172d80cb04516ea (diff) | |
download | samba-3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7.tar.gz samba-3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7.tar.bz2 samba-3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7.zip |
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
Diffstat (limited to 'source3/web/cgi.c')
-rw-r--r-- | source3/web/cgi.c | 21 |
1 files changed, 4 insertions, 17 deletions
diff --git a/source3/web/cgi.c b/source3/web/cgi.c index 305c173a5d..62a5e71e05 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -333,7 +333,7 @@ handle a http authentication line static BOOL cgi_handle_authorization(char *line) { char *p, *user, *user_pass; - const struct passwd *pass = NULL; + struct passwd *pass = NULL; BOOL ret = False; if (strncasecmp(line,"Basic ", 6)) { @@ -386,20 +386,7 @@ static BOOL cgi_handle_authorization(char *line) * We have not authenticated as root, * become the user *permanently*. */ - if(!become_user_permanently(pass->pw_uid, pass->pw_gid)) { - /* - * Always give the same error so a cracker - * cannot tell why we fail. - */ - cgi_setup_error("401 Bad Authorization", "", - "username/password must be supplied"); - return False; - } - - /* - * On exit from here we are the authenticated - * user - no way back. - */ + become_user_permanently(pass->pw_uid, pass->pw_gid); } /* Save the users name */ @@ -571,9 +558,9 @@ void cgi_setup(char *rootdir, int auth_required) *p = 0; } - string_sub(url, "/swat/", ""); + string_sub(url, "/swat/", "", 0); - if (strstr(url,"..")==0 && file_exist(url, NULL)) { + if (url[0] != '/' && strstr(url,"..")==0 && file_exist(url, NULL)) { cgi_download(url); } |