Rev 11539 | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 11539 | Rev 12248 | ||
---|---|---|---|
Line 39... | Line 39... | ||
39 | int charcnt; |
39 | int charcnt; |
40 | FILE *outf; |
40 | FILE *outf; |
41 | 41 | ||
42 | void errorquit(char *msg) |
42 | void errorquit(char *msg) |
43 | { |
43 | { |
44 |
|
44 | fprintf(stderr,"%s: %s\n",msg,strerror(errno)); exit(1); |
45 | } |
45 | } |
46 | 46 | ||
47 | /* Points to the end of the word */ |
47 | /* Points to the end of the word */ |
48 | char *find_word_end(char *p) |
48 | char *find_word_end(char *p) |
49 | { |
49 | { |
50 |
|
50 | int i; |
51 |
|
51 | for(i=0;!isspace(*p) && *p!=0 && i<MAX_LINELEN; p++,i++); |
52 |
|
52 | return p; |
53 | } |
53 | } |
54 | 54 | ||
55 | /* Strips leading spaces */ |
55 | /* Strips leading spaces */ |
56 | char *find_word_start(char *p) |
56 | char *find_word_start(char *p) |
57 | { |
57 | { |
58 |
|
58 | int i; |
59 |
|
59 | for(i=0; isspace(*p) && i<MAX_LINELEN; p++,i++); |
60 |
|
60 | return p; |
61 | } |
61 | } |
62 | 62 | ||
63 | /* Secured execution */ |
63 | /* Secured execution */ |
64 | void secure(char *host) |
64 | void secure(char *host) |
65 | { |
65 | { |
66 |
|
66 | char *p1, *p2, *p3, buf[MAX_LINELEN+1]; |
67 |
|
67 | long int l; |
68 |
|
68 | FILE *f; |
69 | 69 | ||
70 |
|
70 | p1=getenv("w_module"); if(p1==NULL || *p1==0) return; |
71 |
|
71 | p1=getenv("untrust"); if(p1==NULL || *p1==0) return; |
72 |
|
72 | f=fopen("webget.sites","r"); if(f==NULL) return; |
73 |
|
73 | l=fread(buf,1,MAX_LINELEN,f); fclose(f); |
74 |
|
74 | if(l<=0 || l>MAX_LINELEN) return; |
75 |
|
75 | buf[l]=0; |
76 |
|
76 | for(p1=find_word_start(buf);*p1;p1=find_word_start(p2)) { |
77 |
|
77 | p2=find_word_end(p1); if(*p2) *p2++=0; |
78 |
|
78 | p3=strstr(host,p1); if(p3==NULL) continue; |
79 |
|
79 | if((p3==host || *(p3-1)=='.') && *(p3+strlen(p1))==0) return; |
80 |
|
80 | } |
81 |
|
81 | exit(1); /* unauthorized sites refused. */ |
82 | } |
82 | } |
83 | 83 | ||
84 | /* open a TCP/IP socket with host/port |
84 | /* open a TCP/IP socket with host/port |
85 | * returns the file descriptor for the socket */ |
85 | * returns the file descriptor for the socket */ |
86 | int net_connect(char *host) |
86 | int net_connect(char *host) |
87 | { |
87 | { |
88 |
|
88 | struct hostent *hp; |
89 |
|
89 | struct sockaddr_in sin; |
90 |
|
90 | int soc; |
- | 91 | ||
- | 92 | secure(host); |
|
- | 93 | if(!(hp = gethostbyname(host))) errorquit("unknown host."); |
|
- | 94 | if((soc = socket(hp->h_addrtype,SOCK_STREAM,0))<0) |
|
- | 95 | errorquit("socket() error"); |
|
- | 96 | memmove(&sin.sin_addr,hp->h_addr,hp->h_length); |
|
- | 97 | sin.sin_port=htons(port); |
|
- | 98 | sin.sin_family = hp->h_addrtype; |
|
- | 99 | if(connect(soc,(struct sockaddr *)&sin,sizeof(sin))<0) { |
|
- | 100 | close(soc); errorquit("connect() error"); |
|
- | 101 | } |
|
- | 102 | return soc; |
|
- | 103 | } |
|
- | 104 | ||
- | 105 | int gethttps(char *host) |
|
- | 106 | { |
|
- | 107 | char buf[65536]; |
|
- | 108 | char *tp; |
|
91 | 109 | ||
92 | secure(host); |
- | |
93 | if(!(hp = gethostbyname(host))) errorquit("unknown host."); |
- | |
94 | if((soc = socket(hp->h_addrtype,SOCK_STREAM,0))<0) |
- | |
95 | errorquit("socket() error"); |
- | |
96 | memmove(&sin.sin_addr,hp->h_addr,hp->h_length); |
- | |
97 | sin.sin_port=htons(port); |
- | |
98 | sin.sin_family = hp->h_addrtype; |
- | |
99 | if(connect(soc,(struct sockaddr *)&sin,sizeof(sin))<0) { |
- | |
100 | close(soc); errorquit("connect() error"); |
- | |
101 | } |
- | |
102 | return soc; |
- | |
103 | } |
- | |
104 | - | ||
105 | int gethttps(char *host) |
- | |
106 | { |
- | |
107 | char buf[65536]; |
- | |
108 | char *tp; |
- | |
109 | - | ||
110 |
|
110 | tp=getenv("tmp_dir"); if(tp!=NULL && *tp!=0) tmpdir=tp; |
111 |
|
111 | snprintf(tfname,sizeof(tfname),"%s/https.tmp",tmpdir); |
112 |
|
112 | snprintf(buf,sizeof(buf),"\ |
113 | mkdir -p %s\n\ |
113 | mkdir -p %s\n\ |
114 | openssl s_client -connect %s:%d -quiet 2>/dev/null >%s <<@\n\ |
114 | openssl s_client -connect %s:%d -quiet 2>/dev/null >%s <<@\n\ |
115 | %s\n\ |
115 | %s\n\ |
116 | @\n", tmpdir,host,port,tfname,tbuf); |
116 | @\n", tmpdir,host,port,tfname,tbuf); |
117 |
|
117 | if (system(buf)) |
118 |
|
118 | errorquit("system() error"); |
119 |
|
119 | return open(tfname,O_RDONLY); |
120 | } |
120 | } |
121 | 121 | ||
122 | int main(int argc, char *argv[]) |
122 | int main(int argc, char *argv[]) |
123 | { |
123 | { |
124 |
|
124 | char *parm, *pt, *p1, *p2, *p3, *p4, *dp, *pre; |
125 |
|
125 | char nbuf[4096], *pp1, *pp2; |
126 |
|
126 | char c; |
127 | 127 | ||
128 |
|
128 | parm=getenv("wims_exec_parm"); |
129 |
|
129 | if(parm==NULL || *parm==0) errorquit("no_parameter"); |
130 |
|
130 | snprintf(pbuf,sizeof(pbuf),"%s",parm); |
131 |
|
131 | p1=find_word_start(pbuf); p2=find_word_end(p1); |
132 |
|
132 | if(*p2!=0) *p2++=0; |
133 |
|
133 | https=0; |
134 |
|
134 | outf=stdout; pp1=getenv("w_webget_output"); |
135 |
|
135 | pp2=getenv("session_dir"); |
136 |
|
136 | if(pp1!=NULL && strstr(pp1,"..")==NULL && isalnum(*pp1) && pp2!=NULL) { |
137 |
|
137 | snprintf(nbuf,sizeof(nbuf),"%s/%s",pp2,pp1); |
138 |
|
138 | outf=fopen(nbuf,"w"); if(outf==NULL) outf=stdout; |
- | 139 | } |
|
- | 140 | dp=getenv("w_webget_option"); |
|
- | 141 | if(dp!=NULL && strstr(dp,"direct")!=NULL) { /* direct get */ |
|
- | 142 | p1=getenv("w_webget_host"); |
|
- | 143 | p2=getenv("w_webget_port"); |
|
- | 144 | if(p1==NULL || p2==NULL) errorquit("incomplete_request"); |
|
- | 145 | port=atoi(p2); |
|
- | 146 | soc=net_connect(p1); if(soc==-1) return 1; |
|
- | 147 | c=' '; |
|
- | 148 | for(p3=parm; *p3; p3++) { |
|
- | 149 | if(*p3=='\n' && c!='\r') (void)write(soc,"\r",1); |
|
- | 150 | (void)write(soc,p3,1); c=*p3; |
|
139 | } |
151 | } |
- | 152 | (void)write(soc,"\r\n\r\n",4); |
|
140 |
|
153 | pt=getenv("w_module"); |
141 | if( |
154 | if(pt==NULL || *pt==0 || strncmp(pt,"adm/",4)==0 ) { /* File to post? */ |
142 |
|
155 | pt=getenv("w_webget_post"); |
143 |
|
156 | if(pt!=NULL && *pt!=0) { |
- | 157 | FILE *f; |
|
144 |
|
158 | char buf[4096]; |
145 |
|
159 | size_t l; |
146 |
|
160 | f=fopen(pt,"r"); if(f!=NULL) { |
- | 161 | do { |
|
147 |
|
162 | l=fread(buf,1,sizeof(buf),f); |
148 | if( |
163 | if(l>0 && l<=sizeof(buf)) (void)write(soc,buf,l); |
- | 164 | } |
|
149 |
|
165 | while(l==sizeof(buf)); |
- | 166 | fclose(f); |
|
150 | } |
167 | } |
151 | (void)write(soc,"\r\n\r\n",4); |
- | |
152 | pt=getenv("w_module"); |
- | |
153 | if(pt==NULL || *pt==0 || strncmp(pt,"adm/",4)==0 ) { /* File to post? */ |
- | |
154 | pt=getenv("w_webget_post"); if(pt!=NULL && *pt!=0) { |
- | |
155 | FILE *f; |
- | |
156 | char buf[4096]; |
- | |
157 | size_t l; |
- | |
158 | f=fopen(pt,"r"); if(f!=NULL) { |
- | |
159 | do { |
- | |
160 | l=fread(buf,1,sizeof(buf),f); |
- | |
161 | if(l>0 && l<=sizeof(buf)) (void)write(soc,buf,l); |
- | |
162 | } while(l==sizeof(buf)); |
- | |
163 | fclose(f); |
- | |
164 | } |
- | |
165 |
|
168 | } |
166 |
|
169 | } |
167 |
|
170 | if(strstr(dp,"normalread")!=NULL) goto read; |
168 |
|
171 | charcnt=0; |
169 |
|
172 | while(read(soc,pbuf,1)>0 && charcnt<10240) { |
170 |
|
173 | fputc(pbuf[0],outf); charcnt++; |
171 |
|
174 | } |
172 |
|
175 | close(soc); |
173 |
|
176 | return 0; |
174 |
|
177 | } |
175 |
|
178 | if(strncasecmp(p1,"http://",strlen("http://"))==0) p1+=strlen("http://"); |
- | 179 | else |
|
176 |
|
180 | if(strncasecmp(p1,"https://",strlen("https://"))==0) { |
177 | https=1; p1+=strlen("https://"); |
181 | https=1; p1+=strlen("https://"); |
178 | } |
182 | } |
179 |
|
183 | p3=strchr(p1,'/'); if(p3==NULL) p3=""; |
180 |
|
184 | else {*p3++=0; while(*p3=='/') p3++;} |
181 |
|
185 | if(strncasecmp(p3,"http://",strlen("http://"))==0 || |
182 |
|
186 | strncasecmp(p3,"https://",strlen("https://"))==0) pre=""; |
183 |
|
187 | else pre="/"; |
184 |
|
188 | snprintf(tbuf,sizeof(tbuf),"GET %s%s HTTP/1.0\r\n%s\r\n\ |
185 | Host: %s\r\n\ |
189 | Host: %s\r\n\ |
186 | %s\r\n\r\n", |
190 | %s\r\n\r\n", |
187 | pre,p3,cheater1,p1,cheater2); |
191 | pre,p3,cheater1,p1,cheater2); |
188 |
|
192 | p4=strchr(p1,':'); |
- | 193 | if(p4==NULL) { |
|
189 |
|
194 | if(https) port=443; else port=80; |
190 |
|
195 | } |
191 |
|
196 | else {*p4++=0; port=atoi(p4);} |
192 |
|
197 | if(https) { |
193 |
|
198 | soc=gethttps(p1); goto read; |
194 |
|
199 | } |
195 |
|
200 | soc=net_connect(p1); |
196 |
|
201 | (void)write(soc,tbuf,strlen(tbuf)); |
197 | /* header */ |
202 | /* header */ |
198 |
|
203 | read: if(soc==-1) return 1; |
199 |
|
204 | c=-1; |
200 |
|
205 | while(read(soc,pbuf,1)>0) { |
201 |
|
206 | if(pbuf[0]=='\r') continue; |
202 |
|
207 | fputc(pbuf[0],stderr); |
203 |
|
208 | if((c=='\n') && (pbuf[0]=='\n')) break; else c=pbuf[0]; |
204 |
|
209 | } |
205 | /* body */ |
210 | /* body */ |
206 |
|
211 | charcnt=0; |
207 |
|
212 | while(read(soc,pbuf,1)>0 && charcnt<MAX_WEBGETFLEN) { |
208 |
|
213 | fputc(pbuf[0],outf); charcnt++; |
209 |
|
214 | } |
210 |
|
215 | close(soc); |
211 |
|
216 | if(outf!=stdout) fclose(outf); |
212 |
|
217 | if(https) unlink(tfname); |
213 |
|
218 | return 0; |
214 | } |
219 | } |
215 | 220 |