Subversion Repositories wimsdev

Rev

Rev 11539 | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed

Rev 11539 Rev 12248
Line 39... Line 39...
39
int charcnt;
39
int charcnt;
40
FILE *outf;
40
FILE *outf;
41
 
41
 
42
void errorquit(char *msg)
42
void errorquit(char *msg)
43
{
43
{
44
    fprintf(stderr,"%s: %s\n",msg,strerror(errno)); exit(1);
44
  fprintf(stderr,"%s: %s\n",msg,strerror(errno)); exit(1);
45
}
45
}
46
 
46
 
47
/* Points to the end of the word */
47
/* Points to the end of the word */
48
char *find_word_end(char *p)
48
char *find_word_end(char *p)
49
{
49
{
50
    int i;
50
  int i;
51
    for(i=0;!isspace(*p) && *p!=0 && i<MAX_LINELEN; p++,i++);
51
  for(i=0;!isspace(*p) && *p!=0 && i<MAX_LINELEN; p++,i++);
52
    return p;
52
  return p;
53
}
53
}
54
 
54
 
55
/* Strips leading spaces */
55
/* Strips leading spaces */
56
char *find_word_start(char *p)
56
char *find_word_start(char *p)
57
{
57
{
58
    int i;
58
  int i;
59
    for(i=0; isspace(*p) && i<MAX_LINELEN; p++,i++);
59
  for(i=0; isspace(*p) && i<MAX_LINELEN; p++,i++);
60
    return p;
60
  return p;
61
}
61
}
62
 
62
 
63
/* Secured execution */
63
/* Secured execution */
64
void secure(char *host)
64
void secure(char *host)
65
{
65
{
66
    char *p1, *p2, *p3, buf[MAX_LINELEN+1];
66
  char *p1, *p2, *p3, buf[MAX_LINELEN+1];
67
    long int l;
67
  long int l;
68
    FILE *f;
68
  FILE *f;
69
 
69
 
70
    p1=getenv("w_module"); if(p1==NULL || *p1==0) return;
70
  p1=getenv("w_module"); if(p1==NULL || *p1==0) return;
71
    p1=getenv("untrust"); if(p1==NULL || *p1==0) return;
71
  p1=getenv("untrust"); if(p1==NULL || *p1==0) return;
72
    f=fopen("webget.sites","r"); if(f==NULL) return;
72
  f=fopen("webget.sites","r"); if(f==NULL) return;
73
    l=fread(buf,1,MAX_LINELEN,f); fclose(f);
73
  l=fread(buf,1,MAX_LINELEN,f); fclose(f);
74
    if(l<=0 || l>MAX_LINELEN) return;
74
  if(l<=0 || l>MAX_LINELEN) return;
75
    buf[l]=0;
75
  buf[l]=0;
76
    for(p1=find_word_start(buf);*p1;p1=find_word_start(p2)) {
76
  for(p1=find_word_start(buf);*p1;p1=find_word_start(p2)) {
77
      p2=find_word_end(p1); if(*p2) *p2++=0;
77
    p2=find_word_end(p1); if(*p2) *p2++=0;
78
      p3=strstr(host,p1); if(p3==NULL) continue;
78
    p3=strstr(host,p1); if(p3==NULL) continue;
79
      if((p3==host || *(p3-1)=='.') && *(p3+strlen(p1))==0) return;
79
    if((p3==host || *(p3-1)=='.') && *(p3+strlen(p1))==0) return;
80
    }
80
  }
81
    exit(1);  /* unauthorized sites refused. */
81
  exit(1);  /* unauthorized sites refused. */
82
}
82
}
83
 
83
 
84
/* open a TCP/IP socket with host/port
84
/* open a TCP/IP socket with host/port
85
 * returns the file descriptor for the socket */
85
 * returns the file descriptor for the socket */
86
int net_connect(char *host)
86
int net_connect(char *host)
87
{
87
{
88
    struct hostent *hp;
88
  struct hostent *hp;
89
    struct sockaddr_in sin;
89
  struct sockaddr_in sin;
90
    int soc;
90
  int soc;
-
 
91
 
-
 
92
  secure(host);
-
 
93
  if(!(hp = gethostbyname(host))) errorquit("unknown host.");
-
 
94
  if((soc = socket(hp->h_addrtype,SOCK_STREAM,0))<0)
-
 
95
    errorquit("socket() error");
-
 
96
  memmove(&sin.sin_addr,hp->h_addr,hp->h_length);
-
 
97
  sin.sin_port=htons(port);
-
 
98
  sin.sin_family = hp->h_addrtype;
-
 
99
  if(connect(soc,(struct sockaddr *)&sin,sizeof(sin))<0) {
-
 
100
    close(soc); errorquit("connect() error");
-
 
101
  }
-
 
102
  return soc;
-
 
103
}
-
 
104
 
-
 
105
int gethttps(char *host)
-
 
106
{
-
 
107
  char buf[65536];
-
 
108
  char *tp;
91
 
109
 
92
    secure(host);
-
 
93
    if(!(hp = gethostbyname(host))) errorquit("unknown host.");
-
 
94
    if((soc = socket(hp->h_addrtype,SOCK_STREAM,0))<0)
-
 
95
      errorquit("socket() error");
-
 
96
    memmove(&sin.sin_addr,hp->h_addr,hp->h_length);
-
 
97
    sin.sin_port=htons(port);
-
 
98
    sin.sin_family = hp->h_addrtype;
-
 
99
    if(connect(soc,(struct sockaddr *)&sin,sizeof(sin))<0) {
-
 
100
      close(soc); errorquit("connect() error");
-
 
101
    }
-
 
102
    return soc;
-
 
103
}
-
 
104
 
-
 
105
int gethttps(char *host)
-
 
106
{
-
 
107
    char buf[65536];
-
 
108
    char *tp;
-
 
109
 
-
 
110
    tp=getenv("tmp_dir"); if(tp!=NULL && *tp!=0) tmpdir=tp;
110
  tp=getenv("tmp_dir"); if(tp!=NULL && *tp!=0) tmpdir=tp;
111
    snprintf(tfname,sizeof(tfname),"%s/https.tmp",tmpdir);
111
  snprintf(tfname,sizeof(tfname),"%s/https.tmp",tmpdir);
112
    snprintf(buf,sizeof(buf),"\
112
  snprintf(buf,sizeof(buf),"\
113
mkdir -p %s\n\
113
mkdir -p %s\n\
114
openssl s_client -connect %s:%d -quiet 2>/dev/null >%s <<@\n\
114
openssl s_client -connect %s:%d -quiet 2>/dev/null >%s <<@\n\
115
%s\n\
115
%s\n\
116
@\n", tmpdir,host,port,tfname,tbuf);
116
@\n", tmpdir,host,port,tfname,tbuf);
117
    if (system(buf))
117
  if (system(buf))
118
      errorquit("system() error");
118
    errorquit("system() error");
119
    return open(tfname,O_RDONLY);
119
  return open(tfname,O_RDONLY);
120
}
120
}
121
 
121
 
122
int main(int argc, char *argv[])
122
int main(int argc, char *argv[])
123
{
123
{
124
    char *parm, *pt, *p1, *p2, *p3, *p4, *dp, *pre;
124
  char *parm, *pt, *p1, *p2, *p3, *p4, *dp, *pre;
125
    char nbuf[4096], *pp1, *pp2;
125
  char nbuf[4096], *pp1, *pp2;
126
    char c;
126
  char c;
127
 
127
 
128
    parm=getenv("wims_exec_parm");
128
  parm=getenv("wims_exec_parm");
129
    if(parm==NULL || *parm==0) errorquit("no_parameter");
129
  if(parm==NULL || *parm==0) errorquit("no_parameter");
130
    snprintf(pbuf,sizeof(pbuf),"%s",parm);
130
  snprintf(pbuf,sizeof(pbuf),"%s",parm);
131
    p1=find_word_start(pbuf); p2=find_word_end(p1);
131
  p1=find_word_start(pbuf); p2=find_word_end(p1);
132
    if(*p2!=0) *p2++=0;
132
  if(*p2!=0) *p2++=0;
133
    https=0;
133
  https=0;
134
    outf=stdout; pp1=getenv("w_webget_output");
134
  outf=stdout; pp1=getenv("w_webget_output");
135
    pp2=getenv("session_dir");
135
  pp2=getenv("session_dir");
136
    if(pp1!=NULL && strstr(pp1,"..")==NULL && isalnum(*pp1) && pp2!=NULL) {
136
  if(pp1!=NULL && strstr(pp1,"..")==NULL && isalnum(*pp1) && pp2!=NULL) {
137
      snprintf(nbuf,sizeof(nbuf),"%s/%s",pp2,pp1);
137
    snprintf(nbuf,sizeof(nbuf),"%s/%s",pp2,pp1);
138
      outf=fopen(nbuf,"w"); if(outf==NULL) outf=stdout;
138
    outf=fopen(nbuf,"w"); if(outf==NULL) outf=stdout;
-
 
139
  }
-
 
140
  dp=getenv("w_webget_option");
-
 
141
  if(dp!=NULL && strstr(dp,"direct")!=NULL) { /* direct get */
-
 
142
    p1=getenv("w_webget_host");
-
 
143
    p2=getenv("w_webget_port");
-
 
144
    if(p1==NULL || p2==NULL) errorquit("incomplete_request");
-
 
145
    port=atoi(p2);
-
 
146
    soc=net_connect(p1); if(soc==-1) return 1;
-
 
147
    c=' ';
-
 
148
    for(p3=parm; *p3; p3++) {
-
 
149
      if(*p3=='\n' && c!='\r') (void)write(soc,"\r",1);
-
 
150
      (void)write(soc,p3,1); c=*p3;
139
    }
151
    }
-
 
152
    (void)write(soc,"\r\n\r\n",4);
140
    dp=getenv("w_webget_option");
153
    pt=getenv("w_module");
141
    if(dp!=NULL && strstr(dp,"direct")!=NULL) { /* direct get */
154
    if(pt==NULL || *pt==0 || strncmp(pt,"adm/",4)==0 ) {  /* File to post? */
142
      p1=getenv("w_webget_host");
155
      pt=getenv("w_webget_post");
143
      p2=getenv("w_webget_port");
156
      if(pt!=NULL && *pt!=0) {
-
 
157
        FILE *f;
144
      if(p1==NULL || p2==NULL) errorquit("incomplete_request");
158
        char buf[4096];
145
      port=atoi(p2);
159
        size_t l;
146
      soc=net_connect(p1); if(soc==-1) return 1;
160
        f=fopen(pt,"r"); if(f!=NULL) {
-
 
161
        do {
147
      c=' '; for(p3=parm; *p3; p3++) {
162
          l=fread(buf,1,sizeof(buf),f);
148
          if(*p3=='\n' && c!='\r') (void)write(soc,"\r",1);
163
          if(l>0 && l<=sizeof(buf)) (void)write(soc,buf,l);
-
 
164
        }
149
          (void)write(soc,p3,1); c=*p3;
165
        while(l==sizeof(buf));
-
 
166
        fclose(f);
150
      }
167
      }
151
      (void)write(soc,"\r\n\r\n",4);
-
 
152
      pt=getenv("w_module");
-
 
153
      if(pt==NULL || *pt==0 || strncmp(pt,"adm/",4)==0 ) {  /* File to post? */
-
 
154
          pt=getenv("w_webget_post"); if(pt!=NULL && *pt!=0) {
-
 
155
            FILE *f;
-
 
156
            char buf[4096];
-
 
157
            size_t l;
-
 
158
            f=fopen(pt,"r"); if(f!=NULL) {
-
 
159
                do {
-
 
160
                  l=fread(buf,1,sizeof(buf),f);
-
 
161
                  if(l>0 && l<=sizeof(buf)) (void)write(soc,buf,l);
-
 
162
                } while(l==sizeof(buf));
-
 
163
                fclose(f);
-
 
164
            }
-
 
165
          }
168
    }
166
      }
169
  }
167
      if(strstr(dp,"normalread")!=NULL) goto read;
170
  if(strstr(dp,"normalread")!=NULL) goto read;
168
      charcnt=0;
171
  charcnt=0;
169
      while(read(soc,pbuf,1)>0 && charcnt<10240) {
172
  while(read(soc,pbuf,1)>0 && charcnt<10240) {
170
          fputc(pbuf[0],outf); charcnt++;
173
    fputc(pbuf[0],outf); charcnt++;
171
      }
174
  }
172
      close(soc);
175
  close(soc);
173
      return 0;
176
  return 0;
174
    }
177
  }
175
    if(strncasecmp(p1,"http://",strlen("http://"))==0) p1+=strlen("http://");
178
  if(strncasecmp(p1,"http://",strlen("http://"))==0) p1+=strlen("http://");
-
 
179
  else
176
    else if(strncasecmp(p1,"https://",strlen("https://"))==0) {
180
    if(strncasecmp(p1,"https://",strlen("https://"))==0) {
177
      https=1; p1+=strlen("https://");
181
      https=1; p1+=strlen("https://");
178
    }
182
    }
179
    p3=strchr(p1,'/'); if(p3==NULL) p3="";
183
  p3=strchr(p1,'/'); if(p3==NULL) p3="";
180
    else {*p3++=0; while(*p3=='/') p3++;}
184
  else {*p3++=0; while(*p3=='/') p3++;}
181
    if(strncasecmp(p3,"http://",strlen("http://"))==0 ||
185
  if(strncasecmp(p3,"http://",strlen("http://"))==0 ||
182
       strncasecmp(p3,"https://",strlen("https://"))==0) pre="";
186
     strncasecmp(p3,"https://",strlen("https://"))==0) pre="";
183
    else pre="/";
187
  else pre="/";
184
    snprintf(tbuf,sizeof(tbuf),"GET %s%s HTTP/1.0\r\n%s\r\n\
188
  snprintf(tbuf,sizeof(tbuf),"GET %s%s HTTP/1.0\r\n%s\r\n\
185
Host: %s\r\n\
189
Host: %s\r\n\
186
%s\r\n\r\n",
190
%s\r\n\r\n",
187
           pre,p3,cheater1,p1,cheater2);
191
           pre,p3,cheater1,p1,cheater2);
188
    p4=strchr(p1,':'); if(p4==NULL) {
192
  p4=strchr(p1,':');
-
 
193
  if(p4==NULL) {
189
      if(https) port=443; else port=80;
194
    if(https) port=443; else port=80;
190
    }
195
  }
191
    else {*p4++=0; port=atoi(p4);}
196
  else {*p4++=0; port=atoi(p4);}
192
    if(https) {
197
  if(https) {
193
      soc=gethttps(p1); goto read;
198
    soc=gethttps(p1); goto read;
194
    }
199
  }
195
    soc=net_connect(p1);
200
  soc=net_connect(p1);
196
    (void)write(soc,tbuf,strlen(tbuf));
201
  (void)write(soc,tbuf,strlen(tbuf));
197
/* header */
202
/* header */
198
    read: if(soc==-1) return 1;
203
  read: if(soc==-1) return 1;
199
    c=-1;
204
  c=-1;
200
    while(read(soc,pbuf,1)>0) {
205
  while(read(soc,pbuf,1)>0) {
201
      if(pbuf[0]=='\r') continue;
206
    if(pbuf[0]=='\r') continue;
202
      fputc(pbuf[0],stderr);
207
    fputc(pbuf[0],stderr);
203
      if((c=='\n') && (pbuf[0]=='\n')) break; else c=pbuf[0];
208
    if((c=='\n') && (pbuf[0]=='\n')) break; else c=pbuf[0];
204
    }
209
  }
205
/* body */
210
/* body */
206
    charcnt=0;
211
  charcnt=0;
207
    while(read(soc,pbuf,1)>0 && charcnt<MAX_WEBGETFLEN) {
212
  while(read(soc,pbuf,1)>0 && charcnt<MAX_WEBGETFLEN) {
208
      fputc(pbuf[0],outf); charcnt++;
213
    fputc(pbuf[0],outf); charcnt++;
209
    }
214
  }
210
    close(soc);
215
  close(soc);
211
    if(outf!=stdout) fclose(outf);
216
  if(outf!=stdout) fclose(outf);
212
    if(https) unlink(tfname);
217
  if(https) unlink(tfname);
213
    return 0;
218
  return 0;
214
}
219
}
215
 
220