author | Andrew Tridgell <tridge@samba.org> | 1998-11-21 01:41:14 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1998-11-21 01:41:14 +0000 |
commit | 42e96160d373885007c4f9cc6e6b5b69e04a998b (patch) | |
tree | b9340cc2ad55f9f143b70be2d62a81b86021830f /source3/web | |
parent | 091a92e9962a9526dd355b8f6c2e57b0fba167ab (diff) | |
make SWAT obey the global "hosts allow" and "hosts deny" settings.
any attempt to run swat from a host that is disallowed will give an
error.
(This used to be commit fe4ef4bbef01aed75807c884249ca8efa5de4140)
Diffstat (limited to 'source3/web')
-rw-r--r-- | source3/web/cgi.c | 25 | ||||
-rw-r--r-- | source3/web/swat.c | 17 |
2 files changed, 29 insertions, 13 deletions
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 009244e595..275bf8999f 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -46,6 +46,7 @@ static char *baseurl;
 static char *pathinfo;
 static char *C_user;
 static BOOL inetd_server;
+static BOOL got_request;
 static void unescape(char *buf)
 {
@@ -253,7 +254,21 @@ tell a browser about a fatal error in the http processing
 ***************************************************************************/
 static void cgi_setup_error(char *err, char *header, char *info)
 {
- printf("HTTP/1.0 %s\r\n%sConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>%s</H1>%s<p></BODY></HTML>\r\n", err, header, err, err, info);
+ if (!got_request) {
+ /* damn browsers don't like getting cut off before they give a request */
+ char line[1024];
+ while (fgets(line, sizeof(line)-1, stdin)) {
+ if (strncasecmp(line,"GET ", 4)==0 ||
+ strncasecmp(line,"POST ", 5)==0 ||
+ strncasecmp(line,"PUT ", 4)==0) {
+ break;
+ }
+ }
+ }
+
+ printf("HTTP/1.0 %s\r\n%sConnection: close\r\nContent-Type: text/html\r\n\r\n<HTML><HEAD><TITLE>%s</TITLE></HEAD><BODY><H1>%s</H1>%s<p></BODY></HTML>\r\n\r\n", err, header, err, err, info);
+ fclose(stdin);
+ fclose(stdout);
 exit(0);
 }
@@ -492,6 +507,11 @@ void cgi_setup(char *rootdir, int auth_required)
 inetd_server = True;
+ if (!check_access(1, lp_hostsallow(-1), lp_hostsdeny(-1))) {
+ cgi_setup_error("400 Server Error", "",
+ "Samba is configured to deny access from this client\n<br>Check your \"hosts allow\" and \"hosts deny\" options in smb.conf ");
+ }
+
 #if CGI_LOGGING
 f = sys_fopen("/tmp/cgi.log", "a");
 if (f) fprintf(f,"\n[Date: %s %s (%s)]\n",
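Review bot: The drain loop added to cgi_setup_error() has no bound: while got_request is still false, `while (fgets(line, sizeof(line)-1, stdin))` keeps the process alive until the peer sends a GET/POST/PUT line or closes the connection, and this path is now reached for clients that "hosts deny" has just refused. A refused client that connects and stays silent therefore holds one swat process open for as long as it likes, as far as this hunk shows (no timeout is set here; one may exist elsewhere). Bounding the wait before the loop keeps the browser workaround without that cost, for example `alarm(30); /* constructed value: give up on clients that never send a request line */`. The `err`, `header` and `info` strings are also written into the response unescaped, which is fine for the literal callers in this commit but deserves a comment so that later callers do not pass client-supplied text.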
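Review bot: The refusal in cgi_setup() is sent as `"400 Server Error"`, which pairs a client-error code with a server-error phrase and hides an access-control decision from anything that reads status codes (proxies, log analysis, monitoring); `"403 Forbidden"` is the status that says what happened. The body also tells the refused host which smb.conf options blocked it; that helps an administrator who locked themselves out, but a shorter message to the client with the detail kept in the server log would reveal less. The literal `1` passed to check_access() is presumably the client socket on stdout when run from inetd, and a comment such as `/* fd 1 is the client socket when started from inetd */` would make that explicit. cgi_setup() begins and ends outside this hunk.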
@@ -507,11 +527,14 @@ void cgi_setup(char *rootdir, int auth_required)
 #endif
 if (line[0] == '\r' || line[0] == '\n') break;
 if (strncasecmp(line,"GET ", 4)==0) {
+ got_request = True;
 url = strdup(&line[4]);
 } else if (strncasecmp(line,"POST ", 5)==0) {
+ got_request = True;
 request_post = 1;
 url = strdup(&line[5]);
 } else if (strncasecmp(line,"PUT ", 4)==0) {
+ got_request = True;
 cgi_setup_error("400 Bad Request", "",
 "This server does not accept PUT requests");
 } else if (strncasecmp(line,"Authorization: ", 15)==0) {
diff --git a/source3/web/swat.c b/source3/web/swat.c
index 8c5ac782a3..ed139e2483 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -382,12 +382,9 @@ static void commit_parameters(int snum)
 /****************************************************************************
 load the smb.conf file into loadparm.
 ****************************************************************************/
-static void load_config(void)
+static BOOL load_config(void)
 {
- if (!lp_load(servicesf,False,True,False)) {
- printf("<b>Can't load %s - using defaults</b><p>\n",
- servicesf);
- }
+ return lp_load(servicesf,False,True,False);
 }
 /****************************************************************************
@@ -909,17 +906,13 @@ static void printers_page(void)
 }
 }
+ charset_initialise();
+ load_config();
+
 cgi_setup(SWATDIR, !demo_mode);
 print_header();
- charset_initialise();
-
- /* if this binary is setuid then run completely as root */
- setuid(0);
-
- load_config();
-
 cgi_load_variables(NULL);
 show_main_buttons(); |
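Review bot: load_config() now returns lp_load()'s result, but the only call shown, `load_config();` in the last swat.c hunk, throws it away, so a smb.conf that fails to load is no longer reported anywhere. That matters more after this commit than before: cgi_setup() takes its "hosts allow"/"hosts deny" lists from loadparm, so on a failed load the check would run against defaults, which presumably means no host restriction (confirm against the lp_hostsallow()/lp_hostsdeny() defaults). Keep the result, e.g. `BOOL have_config = load_config();`, and after print_header() either restore the old warning with `if (!have_config) printf("<b>Can't load %s - using defaults</b><p>\n", servicesf);` or refuse to continue. The comment above load_config() should also say that it returns False on failure and that reporting is left to the caller.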
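Review bot: The `setuid(0)` call and its comment disappear in the last swat.c hunk without a word in the commit message, and nothing in the new lines says which identity swat is now expected to run under. If the binary is still installed setuid root, the real uid stays that of the invoking user for everything after cgi_setup(); whether later code depends on the real uid is outside this hunk. A comment at the top of the reordered block would record the assumption, for instance `/* swat is expected to be started as root (e.g. from inetd); it does not change uid itself */`. The enclosing function starts and ends outside the hunk.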