Diffstat (limited to 'source3/web/cgi.c')
-rw-r--r-- | source3/web/cgi.c | 21 |
1 files changed, 4 insertions, 17 deletions
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 305c173a5d..62a5e71e05 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -333,7 +333,7 @@ handle a http authentication line
 static BOOL cgi_handle_authorization(char *line)
 {
 char *p, *user, *user_pass;
- const struct passwd *pass = NULL;
+ struct passwd *pass = NULL;
 BOOL ret = False;
 if (strncasecmp(line,"Basic ", 6)) {
@@ -386,20 +386,7 @@ static BOOL cgi_handle_authorization(char *line)
 * We have not authenticated as root,
 * become the user *permanently*.
 */
- if(!become_user_permanently(pass->pw_uid, pass->pw_gid)) {
- /*
- * Always give the same error so a cracker
- * cannot tell why we fail.
- */
- cgi_setup_error("401 Bad Authorization", "",
- "username/password must be supplied");
- return False;
- }
-
- /*
- * On exit from here we are the authenticated
- * user - no way back.
- */
+ become_user_permanently(pass->pw_uid, pass->pw_gid);
 }
 /* Save the users name */
@@ -571,9 +558,9 @@ void cgi_setup(char *rootdir, int auth_required)
 *p = 0;
 }
- string_sub(url, "/swat/", "");
+ string_sub(url, "/swat/", "", 0);
- if (strstr(url,"..")==0 && file_exist(url, NULL)) {
+ if (url[0] != '/' && strstr(url,"..")==0 && file_exist(url, NULL)) {
 cgi_download(url);
 }
|
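Review bot: The result of `become_user_permanently(pass->pw_uid, pass->pw_gid)` is now discarded in cgi_handle_authorization, so a failed uid/gid switch no longer stops the request. Execution carries on with whatever privileges the process had before the call, which the surrounding comment suggests may be root, while the session is treated as the authenticated user. The failure branch from the old side should stay: `if (!become_user_permanently(pass->pw_uid, pass->pw_gid)) { cgi_setup_error("401 Bad Authorization", "", "username/password must be supplied"); return False; }`. If the helper was changed elsewhere to return void (not visible here), it needs to terminate the process itself on failure rather than return. The function body starts and ends outside this hunk.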
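Review bot: The added `url[0] != '/'` test in cgi_setup carries no comment explaining why it is there, although together with the `strstr(url,"..")` test it is the only guard visible here on which file `cgi_download()` will serve. I would put this above the `if`: `/* serve only paths relative to the swat root: reject absolute paths and any ".." component */`. Whether `url` has already been percent-decoded at this point is not visible in the hunk; if decoding happens after these tests, both need to move after it. cgi_setup's body starts and ends outside the hunk.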