diff options
| author | Andrew Tridgell <tridge@samba.org> | 2001-05-17 11:45:58 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2001-05-17 11:45:58 +0000 |
| commit | ed585b91eb2be5bff000c715ff11447d3aaa0cb0 (patch) | |
| tree | 9db905ff3b9f34d8b682843709eea6dff9c28867 /source3/web/cgi.c | |
| parent | 8d9aadc2bcca34d557fe61e9dd63477136dc41ec (diff) | |
| download | samba-ed585b91eb2be5bff000c715ff11447d3aaa0cb0.tar.gz samba-ed585b91eb2be5bff000c715ff11447d3aaa0cb0.tar.bz2 samba-ed585b91eb2be5bff000c715ff11447d3aaa0cb0.zip | |
- added ability for swat to run under CGI. This needs
to be setup very carefully for it not to be a security hole
- reran configure
(This used to be commit cf4e439a1e0f3fadbe08c474e5b201827866d7f5)
Diffstat (limited to 'source3/web/cgi.c')
| -rw-r--r-- | source3/web/cgi.c | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/source3/web/cgi.c b/source3/web/cgi.c index e4fda2d99c..07f84b2a61 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -292,6 +292,36 @@ static void cgi_auth_error(void) exit(0); } +/*************************************************************************** +authenticate when we are running as a CGI + ***************************************************************************/ +static void cgi_web_auth(void) +{ + char *user = getenv("REMOTE_USER"); + struct passwd *pwd; + char *head = "Content-Type: text/html\r\n\r\n<HTML><BODY><H1>SWAT installation Error</H1>\n"; + char *tail = "</BODY></HTML>\r\n"; + + if (!user) { + printf("%sREMOTE_USER not set. Not authenticated by web server.<br>%s\n", + head, tail); + exit(0); + } + + pwd = getpwnam(user); + if (!pwd) { + printf("%sCannot find user %s<br>%s\n", head, user, tail); + exit(0); + } + + setuid(0); + setuid(pwd->pw_uid); + if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) { + printf("%sFailed to become user %s - uid=%d/%d<br>%s\n", + head, user, (int)geteuid(), (int)getuid(), tail); + exit(0); + } +} /*************************************************************************** decode a base64 string in-place - simple and slow algorithm @@ -483,6 +513,8 @@ static void cgi_download(char *file) } + + /*************************************************************************** setup the cgi framework, handling the possability that this program is either run as a true cgi program by a web browser or is itself a mini web server @@ -502,7 +534,7 @@ void cgi_setup(char *rootdir, int auth_required) /* maybe we are running under a web server */ if (getenv("CONTENT_LENGTH") || getenv("REQUEST_METHOD")) { if (auth_required) { - cgi_auth_error(); + cgi_web_auth(); } return; } |