\n",
servicesf);
}
}
/****************************************************************************
spit out the html for a link with an image
****************************************************************************/
static void image_link(char *name,char *hlink, char *src)
{
printf("\n",
cgi_baseurl(), hlink, src, name);
}
/****************************************************************************
display the main navigation controls at the top of each page along
with a title
****************************************************************************/
static void show_main_buttons(void)
{
image_link("Home", "", "images/home.gif");
/* Root gets full functionality */
if (am_root() == True) {
image_link("Globals", "globals", "images/globals.gif");
image_link("Shares", "shares", "images/shares.gif");
image_link("Printers", "printers", "images/printers.gif");
image_link("Status", "status", "images/status.gif");
image_link("View Config", "viewconfig","images/viewconfig.gif");
}
/* Everyone gets this functionality */
image_link("Password Management", "passwd", "images/passwd.gif");
printf("
\n"); } /**************************************************************************** display a welcome page ****************************************************************************/ static void welcome_page(void) { include_html("help/welcome.html"); } /**************************************************************************** display the current smb.conf ****************************************************************************/ static void viewconfig_page(void) { int full_view=0; if (cgi_variable("full_view")) { full_view = 1; } printf("
Current Config
\n"); printf("\n"); } /**************************************************************************** display a globals editing page ****************************************************************************/ static void globals_page(void) { int advanced = 0; printf("Global Variables
\n"); if (cgi_variable("Advanced") && !cgi_variable("Basic")) advanced = 1; if (cgi_variable("Commit")) { commit_parameters(GLOBALS_SNUM); save_reload(); } printf("\n"); } /**************************************************************************** display a shares editing page ****************************************************************************/ static void shares_page(void) { char *share = cgi_variable("share"); char *s; int snum=-1; int i; int advanced = 0; if (share) snum = lp_servicenumber(share); printf("Share Parameters
\n"); if (cgi_variable("Advanced") && !cgi_variable("Basic")) advanced = 1; if (cgi_variable("Commit") && snum >= 0) { commit_parameters(snum); save_reload(); } if (cgi_variable("Delete") && snum >= 0) { lp_remove_service(snum); save_reload(); share = NULL; snum = -1; } if (cgi_variable("createshare") && (share=cgi_variable("newshare"))) { lp_copy_service(GLOBALS_SNUM, share); save_reload(); snum = lp_servicenumber(share); } printf("\n"); } /**************************************************************************** ****************************************************************************/ static void sig_pipe ( int signo) { printf("SIGPIPE caught\n"); } /**************************************************************************** create 2 pipes and use them to feed the smbpasswd program ****************************************************************************/ static BOOL talk_to_smbpasswd(char *old, char *new) { int i, n, fd1[2], fd2[2]; pid_t pid; BOOL rslt; char line[MAX_STRINGLEN + 2]; /* one for newline, one for null */ if (signal(SIGPIPE, sig_pipe) == SIG_ERR) { printf("
signal error"); } if ((pipe(fd1) < 0) || (pipe(fd2) < 0)) { printf("
pipe error"); } if ((pid = fork()) < 0) { printf("
fork error"); } /* * Create this relationship with the pipes between the parent and * the child as detailed below. * * parent -> fd1[1] -- fd1[0] -> child * parent <- fd2[0] -- fd2[1] <- child * * fd1[0] is turned into child's stdin * fd2[1] is turned into child's stdout * fd2[1] is also turned into child's stderr * */ else if (pid > 0) { /* parent */ int to_child = fd1[1]; int from_child = fd2[0]; int wstat; close(fd1[0]); /* parent doesn't need input side of pipe fd1 */ close(fd2[1]); /* parent doesn't need output side of pipe fd2 */ /* * smbpasswd doesn't require any input to disable or enable a user */ if (!cgi_variable(disable_user_flag) && !cgi_variable(enable_user_flag)) { /* * smbpasswd requires a regular old user to send their old password */ if (am_root() == False) { n = (strlen(old) <= (MAX_STRINGLEN)) ? strlen(old) : (MAX_STRINGLEN); strncpy( line, old, n); line[n] = '\n'; n++; /* add carriage return */ line[n] = 0; /* add null terminator, for debug */ if (write( to_child, line, n) != n) { printf("
error on write to child"); } } /* * smbpasswd requires that the new password be sent to it twice */ for( i=0; i<2; i++) { n = (strlen(new) <= (MAX_STRINGLEN)) ? strlen(new) : (MAX_STRINGLEN); strncpy( line, new, n); line[n] = '\n'; n++; /* add carriage return */ line[n] = 0; /* add null terminator, for debug */ if (write( to_child, line, n) != n) { printf("
error on write to child"); break; } } } /* * Wait for smbpasswd to finish */ if (sys_waitpid(pid, &wstat, 0) < 0) { printf("
problem waiting"); } /* * Read the answer from the add program */ memset( line, '\0', sizeof(line)); if ((n = read( from_child, line, MAX_STRINGLEN)) < 0) { printf("
error on read from child"); } /* * Write the response from smbpasswd to user, if all is well * line[] should be just a null terminated line. We could * check for the null line and not print anything, but we * really should be checking the exit code if we want to be * sure. */ line[n] = 0; /* null terminate */ printf("
%s\n",line); close(to_child); close(from_child); if (line[0] == '\0') { rslt = True; /* All ok */ } else { rslt = False; /* Something didn't work */ } } else { /* child */ int from_parent = fd1[0]; int to_parent = fd2[1]; close(fd1[1]); /* child doesn't need output side of pipe fd1 */ close(fd2[0]); /* child doesn't need input side of pipe fd2 */ /* * Turn the from_parent pipe into the childs stdin */ if (from_parent != STDIN_FILENO) { if (dup2( from_parent, STDIN_FILENO) != STDIN_FILENO) { printf("
dup2 error of stdin"); } close( from_parent); } /* * Turn the to_parent pipe into the childs stdout */ if (to_parent != STDOUT_FILENO) { if (dup2( to_parent, STDOUT_FILENO) != STDOUT_FILENO) { printf("
dup2 error of stdout"); } close( to_parent); } /* * Make the childs stderr the to_parent pipe also */ if (dup2( STDOUT_FILENO, STDERR_FILENO) != STDERR_FILENO) { printf("
dup2 error of stdout"); } /* Root can do more */ if (am_root() == True) { if (cgi_variable(add_user_flag)) { /* * Add a user */ if (execl(SMB_PASSWD_PROGRAM, "smbpasswd", "-s", "-a", cgi_variable(user), (char *) 0) < 0) { printf("
execl error of smbpasswd"); } } else if (cgi_variable(disable_user_flag)) { /* * Disable a user */ if (execl(SMB_PASSWD_PROGRAM, "smbpasswd", "-s", "-d", cgi_variable(user), (char *) 0) < 0) { printf("
execl error of smbpasswd"); } } else if (cgi_variable(enable_user_flag)) { /* * Enable a user */ if (execl(SMB_PASSWD_PROGRAM, "smbpasswd", "-s", "-e", cgi_variable(user), (char *) 0) < 0) { printf("
execl error of smbpasswd"); } } else { /* * Change a users password */ if (execl(SMB_PASSWD_PROGRAM, "smbpasswd", "-s", cgi_variable(user), (char *) 0) < 0) { printf("
execl error of smbpasswd"); } } } else { /* * Ordinary users can change any users passwd if they know the old passwd */ if (execl(SMB_PASSWD_PROGRAM, "smbpasswd", "-s", (char *) 0) < 0) { printf("
execl error of smbpasswd"); } } } return(rslt); } /**************************************************************************** become the specified uid - permanently ! ****************************************************************************/ BOOL become_user_permanently(uid_t uid, gid_t gid) { if (geteuid() != 0) { return(True); } /* now completely lose our privilages. This is a fairly paranoid way of doing it, but it does work on all systems that I know of */ #ifdef HAVE_SETRESUID /* * Firstly ensure all our uids are set to root. */ setresgid(0,0,0); setresuid(0,0,0); /* * Now ensure we change all our gids. */ setresgid(gid,gid,gid); /* * Now ensure all the uids are the user. */ setresuid(uid,uid,uid); #else /* * Firstly ensure all our uids are set to root. */ setuid(0); seteuid(0); /* * Now ensure we change all our gids. */ setgid(gid); setegid(gid); /* * Now ensure all the uids are the user. */ setuid(uid); seteuid(uid); #endif if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) { /* We failed to lose our privilages. */ return False; } return(True); } /**************************************************************************** do the stuff required to add or change a password ****************************************************************************/ static void chg_passwd(void) { struct passwd *pass = NULL; BOOL rslt; /* Make sure users name has been specified */ if (strlen(cgi_variable(user)) == 0) { printf("
Must specify \"User Name\" \n"); return; } /* * smbpasswd doesn't require anything but the users name to disable or enable the user, * so if that's what we're doing, skip the rest of the checks */ if (!cgi_variable(disable_user_flag) && !cgi_variable(enable_user_flag)) { /* If current user is not root, make sure old password has been specified */ if ((am_root() == False) && (strlen( cgi_variable(old_pswd)) <= 0)) { printf("
Must specify \"Old Password\" \n"); return; } /* Make sure new passwords have been specified */ if ((strlen( cgi_variable(new_pswd )) <= 0) || (strlen( cgi_variable(new2_pswd)) <= 0)) { printf("
Must specify \"New, and Re-typed Passwords\" \n"); return; } /* Make sure new passwords was typed correctly twice */ if (strcmp(cgi_variable(new_pswd), cgi_variable(new2_pswd)) != 0) { printf("
Re-typed password didn't match new password\n"); return; } } #ifdef SWAT_DEBUG if (pass) printf("
User uid %d gid %d \n", pass->pw_uid, pass->pw_gid); printf("
Processes uid %d, euid %d, gid %d, egid %d \n",getuid(),geteuid(),getgid(),getegid()); printf("
User Name %s \n", cgi_variable(user)); printf("
Old passwd %s \n", cgi_variable(old_pswd) ? cgi_variable(old_pswd):""); printf("
New passwd %s \n", cgi_variable(new_pswd)); printf("
Re-typed New passwd %s \n", cgi_variable(new2_pswd)); printf("
flags '%s', '%s', '%s' \n", (cgi_variable( chg_passwd_flag) ? cgi_variable( chg_passwd_flag) : ""), (cgi_variable( add_user_flag) ? cgi_variable( add_user_flag) : ""), (cgi_variable( disable_user_flag) ? cgi_variable( disable_user_flag) : "")); (cgi_variable( enable_user_flag) ? cgi_variable( enable_user_flag) : "")); #endif /* SWAT_DEBUG */ rslt = talk_to_smbpasswd( cgi_variable(old_pswd), cgi_variable(new_pswd)); if (am_root() == False) { if (rslt == True) { printf("
The passwd for '%s' has been changed. \n",cgi_variable(user)); } else { printf("
The passwd for '%s' has NOT been changed. \n",cgi_variable(user)); } } return; } /**************************************************************************** display a password editing page ****************************************************************************/ static void passwd_page(void) { char *new_name; printf("