tilde-luzah-bozo.c revision 1.2
      1 /*	$NetBSD: tilde-luzah-bozo.c,v 1.2 2007/10/17 18:48:02 tls Exp $	*/
      2 
      3 /*	$eterna: tilde-luzah-bozo.c,v 1.4 2006/05/17 08:37:36 mrg Exp $	*/
      4 
      5 /*
      6  * Copyright (c) 1997-2006 Matthew R. Green
      7  * All rights reserved.
      8  *
      9  * Redistribution and use in source and binary forms, with or without
     10  * modification, are permitted provided that the following conditions
     11  * are met:
     12  * 1. Redistributions of source code must retain the above copyright
     13  *    notice, this list of conditions and the following disclaimer.
     14  * 2. Redistributions in binary form must reproduce the above copyright
     15  *    notice, this list of conditions and the following disclaimer and
     16  *    dedication in the documentation and/or other materials provided
     17  *    with the distribution.
     18  * 3. The name of the author may not be used to endorse or promote products
     19  *    derived from this software without specific prior written permission.
     20  *
     21  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     22  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     23  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     24  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     25  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
     26  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     27  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
     28  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
     29  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     31  * SUCH DAMAGE.
     32  *
     33  */
     34 
     35 /* this code implements ~user support for bozohttpd */
     36 
     37 #ifndef NO_USER_SUPPORT
     38 
     39 #include <sys/param.h>
     40 
     41 #include <errno.h>
     42 #include <pwd.h>
     43 #include <string.h>
     44 #include <unistd.h>
     45 
     46 #include "bozohttpd.h"
     47 
/*
 * Build-time default for the per-user directory name; it can be overridden
 * by defining PUBLIC_HTML before this point (e.g. on the compiler command
 * line).
 */
#ifndef PUBLIC_HTML
#define PUBLIC_HTML		"public_html"
#endif

	/*
	 * uflag is only defined here, not consulted: the header comment on
	 * user_transform() says transform_request() is supposed to check it
	 * before calling in.
	 */
	int	uflag;		/* allow /~user/ translation */
	/*
	 * Directory that user_transform() chdir()s into after entering the
	 * user's home directory.  It is a variable rather than the macro
	 * itself, so it can be repointed at run time -- NOTE(review): where
	 * (or whether) that happens is not visible in this file.
	 */
	const char *public_html	= PUBLIC_HTML;
     54 
     55 /*
     56  * user_transform does this:
     57  *	- chdir's /~user/public_html
     58  *	- returns the rest of the file, index.html appended if required
     59  *
     60  * transform_request() is supposed to check that we have user support
     61  * enabled.
     62  */
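/*
 * Map a "/~user/rest" request onto that user's public_html directory.
 *
 * request: the request being served.  request->hr_url + 2 is taken as the
 *	start of the user name, so the URL is assumed to begin with "/~".
 *	NOTE(review): that prefix is not checked here -- confirm the caller
 *	guarantees it.  The URL is modified in place for the duration of the
 *	getpwnam() call and restored right after it.
 * isindex: out parameter.  Set to 1 when a '/' follows the user name and
 *	the path after it is empty or ends in '/'; otherwise 0.  For
 *	"/~user" with no slash at all it stays 0 even though index_html is
 *	what gets returned.
 *
 * Returns a buffer from bozostrdup()/bozomalloc() holding the file name
 * relative to the new working directory.  Nothing in this function frees
 * it.
 *
 * Side effect: the working directory of the process becomes
 * <pw_dir>/<public_html> of the named user.
 *
 * Failures are reported with http_error(): 404 for an unknown user, 403
 * when either chdir() fails or the path is rejected.  The code after each
 * of those calls assumes http_error() does not return.
 * NOTE(review): confirm against its declaration in bozohttpd.h.
 *
 * Security notes for reviewers:
 *	- The name handed to getpwnam() comes straight from the request and
 *	  there is no allow-list or uid floor in this function, so any
 *	  account whose home directory contains <public_html> is served.
 *	  NOTE(review): confirm whether system accounts are excluded
 *	  elsewhere.
 *	- "no such user" answers 404 while an existing account without a
 *	  reachable public_html answers 403, so the status code tells a
 *	  client which account names exist.  Use one status for both if
 *	  account names are considered sensitive.
 *	- The ".." test near the end is purely lexical.  It does not look at
 *	  symbolic links inside public_html; whether those are constrained
 *	  elsewhere is not visible here.
 */
char *
user_transform(request, isindex)
	http_req *request;
	int *isindex;
{
	char	*s, *file = NULL;
	struct	passwd *pw;

	*isindex = 0;

	/*
	 * Cut the URL at the first '/' after the user name so that
	 * hr_url + 2 is a NUL-terminated name for getpwnam().
	 */
	if ((s = strchr(request->hr_url + 2, '/')) != NULL) {
		size_t	len;

		*s++ = '\0';
		len = strlen(s);
		/*
		 * Test the length first: the previous form indexed
		 * s[strlen(s)-1], which for an empty path wrapped around
		 * and only worked because s[-1] is the NUL written above.
		 */
		*isindex = (len == 0 || s[len - 1] == '/');
	}

	debug((DEBUG_OBESE, "looking for user %s", request->hr_url + 2));
	pw = getpwnam(request->hr_url + 2);
	/* put the '/' back immediately so hr_url is intact on every path */
	if (s)
		s[-1] = '/';
	/* pw is dereferenced below: relies on http_error() not returning */
	if (pw == NULL)
		http_error(404, request, "no such user");

	debug((DEBUG_OBESE, "user %s home dir %s uid %d gid %d", pw->pw_name,
	    pw->pw_dir, pw->pw_uid, pw->pw_gid));

	/* two steps, home first, so public_html is resolved inside the home */
	if (chdir(pw->pw_dir) < 0) {
		warning("chdir1 error: %s: %s", pw->pw_dir, strerror(errno));
		http_error(403, request, "can't chdir to homedir");
	}
	if (chdir(public_html) < 0) {
		warning("chdir2 error: %s: %s", public_html, strerror(errno));
		http_error(403, request, "can't chdir to public_html");
	}
	if (s == NULL || *s == '\0') {
		file = bozostrdup(index_html);
	} else {
		/* room for the path, index_html when appended, and the NUL */
		file = bozomalloc(strlen(s) +
		    (*isindex ? strlen(index_html) + 1 : 1));
		strcpy(file, s);
		if (*isindex)
			strcat(file, index_html);
	}

	/*
	 * see transform_request(): refuse absolute paths and any ".."
	 * component so the name cannot climb out of the directory entered
	 * above.  This is a string check only.
	 */
	if (*file == '/' || strcmp(file, "..") == 0 ||
	    strstr(file, "/..") || strstr(file, "../"))
		http_error(403, request, "illegal request");

	auth_check(request, file);

	debug((DEBUG_FAT, "transform_user returning %s under %s", file,
	    pw->pw_dir));
	return (file);
}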
    119 #endif /* NO_USER_SUPPORT */
    120