diff options
-rw-r--r-- | source3/cgi.c | 19 | ||||
-rw-r--r-- | source3/web/cgi.c | 19 | ||||
-rw-r--r-- | source3/wsmbconf.c | 66 |
3 files changed, 60 insertions, 44 deletions
diff --git a/source3/cgi.c b/source3/cgi.c index 3739d712d3..f165c56110 100644 --- a/source3/cgi.c +++ b/source3/cgi.c @@ -501,9 +501,22 @@ static void cgi_download(char *file) { struct stat st; char buf[1024]; - int fd, l; + int fd, l, i; char *p; + /* sanitise the filename */ + for (i=0;file[i];i++) { + if (!isalnum(file[i]) && !strchr("/.-_", file[i])) { + cgi_setup_error("404 File Not Found","", + "Illegal character in filename"); + } + } + + if (strstr(file,"..")) { + cgi_setup_error("404 File Not Found","", + "Relative paths not allowed"); + } + if (!file_exist(file, &st)) { cgi_setup_error("404 File Not Found","", "The requested file was not found"); @@ -574,7 +587,7 @@ void cgi_setup(char *rootdir) if (!authenticated) { cgi_setup_error("401 Authorization Required", - "WWW-Authenticate: Basic realm=\"samba\"\r\n", + "WWW-Authenticate: Basic realm=\"root\"\r\n", "You must be authenticated to use this service"); } @@ -604,3 +617,5 @@ void cgi_setup(char *rootdir) printf("HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n"); } + + diff --git a/source3/web/cgi.c b/source3/web/cgi.c index 3739d712d3..f165c56110 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -501,9 +501,22 @@ static void cgi_download(char *file) { struct stat st; char buf[1024]; - int fd, l; + int fd, l, i; char *p; + /* sanitise the filename */ + for (i=0;file[i];i++) { + if (!isalnum(file[i]) && !strchr("/.-_", file[i])) { + cgi_setup_error("404 File Not Found","", + "Illegal character in filename"); + } + } + + if (strstr(file,"..")) { + cgi_setup_error("404 File Not Found","", + "Relative paths not allowed"); + } + if (!file_exist(file, &st)) { cgi_setup_error("404 File Not Found","", "The requested file was not found"); @@ -574,7 +587,7 @@ void cgi_setup(char *rootdir) if (!authenticated) { cgi_setup_error("401 Authorization Required", - "WWW-Authenticate: Basic realm=\"samba\"\r\n", + "WWW-Authenticate: Basic realm=\"root\"\r\n", "You must be authenticated to use this service"); } @@ -604,3 +617,5 @@ void cgi_setup(char *rootdir) printf("HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n"); } + + diff --git a/source3/wsmbconf.c b/source3/wsmbconf.c index 203952c204..8abdd6d398 100644 --- a/source3/wsmbconf.c +++ b/source3/wsmbconf.c @@ -31,11 +31,12 @@ #define GLOBALS_SNUM -2 #define DEFAULTS_SNUM -1 +static pstring servicesf = CONFIGFILE; + /* start the page with standard stuff */ static void print_header(void) { - printf("Content-type: text/html\n\n"); printf("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">\n"); printf("<HTML>\n<HEAD>\n<TITLE>smb.conf</TITLE>\n</HEAD>\n<BODY>\n\n"); } @@ -47,15 +48,6 @@ static void print_footer(void) printf("\n</BODY>\n</HTML>\n"); } -/* setup persisant variables */ -static void set_persistent(char *name) -{ - char *p; - p = cgi_variable(name); - if (!p) return; - printf("<input type=hidden name=%s value=%s>\n", name, p); -} - /* display a servce, ready for editing */ static void show_service(int snum, int allparameters) { @@ -119,29 +111,11 @@ static void show_services(void) } -/* load the smb.conf file into loadparm. this also does the chroot - to the config directory. This must be called _BEFORE_ any client - supplied data is parsed */ +/* load the smb.conf file into loadparm. */ static int load_config(void) { - static pstring servicesf = CONFIGFILE; - char *p; - - p = strrchr(servicesf,'/'); - if (!p) return 0; - - *p = 0; - setuid(0); - - if (chdir(servicesf) || chroot(servicesf)) { - printf("wsmbconf is not configured correctly\n"); - return 0; - } - - *p = '/'; - - if (!lp_load(p,False)) { + if (!lp_load(servicesf,False)) { printf("<b>Can't load %s - using defaults</b><p>\n", servicesf); } @@ -151,14 +125,9 @@ static int load_config(void) static int save_reload(void) { - static pstring servicesf = CONFIGFILE; - char *p; FILE *f; - p = strrchr(servicesf,'/'); - if (!p) return 0; - - f = fopen(p,"w"); + f = fopen(servicesf,"w"); if (!f) { printf("failed to open %s for writing\n", servicesf); return 0; @@ -172,7 +141,7 @@ static int save_reload(void) lp_killunused(NULL); - if (!lp_load(p,False)) { + if (!lp_load(servicesf,False)) { printf("Can't reload %s\n", servicesf); return 0; } @@ -233,16 +202,33 @@ static void process_requests(void) int main(int argc, char *argv[]) { + extern char *optarg; + extern int optind; extern FILE *dbf; + int opt; + + dbf = fopen("/dev/null", "w"); + + if (!dbf) dbf = stderr; + + cgi_setup(WEB_ROOT); - print_header(); - dbf = stderr; + while ((opt = getopt(argc, argv,"s:")) != EOF) { + switch (opt) { + case 's': + pstrcpy(servicesf,optarg); + break; + } + } + + + print_header(); charset_initialise(); if (load_config()) { - cgi_load_variables(); + cgi_load_variables(NULL); process_requests(); show_services(); } |