authorAndrew Tridgell <tridge@samba.org>2001-05-17 11:45:58 +0000
committerAndrew Tridgell <tridge@samba.org>2001-05-17 11:45:58 +0000
commited585b91eb2be5bff000c715ff11447d3aaa0cb0 (patch)
tree9db905ff3b9f34d8b682843709eea6dff9c28867 /source3/web
parent8d9aadc2bcca34d557fe61e9dd63477136dc41ec (diff)
- added ability for swat to run under CGI. This needs
to be set up very carefully for it not to be a security hole
- reran configure
(This used to be commit cf4e439a1e0f3fadbe08c474e5b201827866d7f5)
Diffstat (limited to 'source3/web')
-rw-r--r--source3/web/cgi.c34
1 files changed, 33 insertions, 1 deletions
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index e4fda2d99c..07f84b2a61 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -292,6 +292,36 @@ static void cgi_auth_error(void)
exit(0);
}
+/***************************************************************************
+authenticate when we are running as a CGI
+ ***************************************************************************/
+static void cgi_web_auth(void)
+{
+ char *user = getenv("REMOTE_USER");
+ struct passwd *pwd;
+ char *head = "Content-Type: text/html\r\n\r\n<HTML><BODY><H1>SWAT installation Error</H1>\n";
+ char *tail = "</BODY></HTML>\r\n";
+
+ if (!user) {
+ printf("%sREMOTE_USER not set. Not authenticated by web server.<br>%s\n",
+ head, tail);
+ exit(0);
+ }
+
+ pwd = getpwnam(user);
+ if (!pwd) {
+ printf("%sCannot find user %s<br>%s\n", head, user, tail);
+ exit(0);
+ }
+
+ setuid(0);
+ setuid(pwd->pw_uid);
+ if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
+ printf("%sFailed to become user %s - uid=%d/%d<br>%s\n",
+ head, user, (int)geteuid(), (int)getuid(), tail);
+ exit(0);
+ }
+}
/***************************************************************************
decode a base64 string in-place - simple and slow algorithm
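Review bot: cgi_web_auth() switches only the user id: between `setuid(0)` and `setuid(pwd->pw_uid)` nothing calls `setgid()` or `initgroups()`, so the process keeps the primary and supplementary groups it was started with, and files accessible through those groups stay reachable by the authenticated user. I would add `if (geteuid() == 0 && (initgroups(user, pwd->pw_gid) != 0 || setgid(pwd->pw_gid) != 0)) { /* print error and exit */ }` before the final `setuid()`, while the process is still privileged. The `geteuid()`/`getuid()` check should then be extended with `getegid()`/`getgid()`. Separately, `user` is written unescaped into the HTML of the "Cannot find user" and "Failed to become user" messages. Whether the web server restricts the characters allowed in REMOTE_USER is not visible here, so HTML-escaping it before printing would be the safer default.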
@@ -483,6 +513,8 @@ static void cgi_download(char *file)
}
+
+
/***************************************************************************
setup the cgi framework, handling the possability that this program is either
run as a true cgi program by a web browser or is itself a mini web server
@@ -502,7 +534,7 @@ void cgi_setup(char *rootdir, int auth_required)
/* maybe we are running under a web server */
if (getenv("CONTENT_LENGTH") || getenv("REQUEST_METHOD")) {
if (auth_required) {
- cgi_auth_error();
+ cgi_web_auth();
}
return;
}
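Review bot: With `cgi_web_auth();` in the `auth_required` branch, authentication now rests entirely on the process environment: `CONTENT_LENGTH`/`REQUEST_METHOD` select the CGI path and `REMOTE_USER` supplies the identity, and all three are set by whoever executes the binary, with no check that this was a web server. The `setuid(0)` call in cgi_web_auth() suggests the binary is expected to be installed with root privilege, in which case the file permissions on the binary are the only control. The commit message says this must be set up carefully, but nothing at the call site records it. I would add a comment such as `/* REMOTE_USER is trusted here: swat must be executable only by the web server account */` above the call, and consider refusing the CGI path unless the real uid matches the expected web server account. cgi_setup() begins and ends outside this hunk, so any earlier checks are not visible here.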