Documentation Source Text

Check-in [cf0aea0254]
Login
Home Timeline Branches Tickets Wiki More...

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix an issue with the chroot jail. At the ability to 404 certain Referer values.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: cf0aea0254c329b3bf67828996b59c48aef95098
User & Date: drh 2012-06-17 23:53:30
Context
2012-06-19
14:08
In althttpd, if the requested file is not found, look for the "not-found.html" file in the same directory and use it instead. (check-in: e4391f7f58 user: drh tags: trunk)
2012-06-17
23:53
Fix an issue with the chroot jail. At the ability to 404 certain Referer values. (check-in: cf0aea0254 user: drh tags: trunk)
2012-06-14
17:04
Minor correction to the 3.7.13 news. (check-in: 78b3be0bd9 user: drh tags: trunk)
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to misc/althttpd.c. 

933
934
935
936
937
938
939

940
941
942
943
944
945
946
...
977
978
979
980
981
982
983















984
985
986
987
988
989
990
....
1523
1524
1525
1526
1527
1528
1529

1530
1531
1532
1533
1534
1535
1536
....
1569
1570
1571
1572
1573
1574
1575
1576




1577
1578
1579
1580
1581
1582
1583
....
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600

  }

  /* Get all the optional fields that follow the first line.
  */
  zCookie = 0;
  zAuthType = 0;
  zRemoteUser = 0;

  while( fgets(zLine,sizeof(zLine),stdin) ){
    char *zFieldName;
    char *zVal;

    nIn += strlen(zLine);
    zFieldName = GetFirstElement(zLine,&zVal);
    if( zFieldName==0 || *zFieldName==0 ) break;
................................................................................
      if( zRealPort ){
        zServerPort = StrDup(zRealPort);
      }
    }else if( strcasecmp(zFieldName,"Authorization:")==0 ){
      zAuthType = GetFirstElement(StrDup(zVal), &zAuthArg);
    }
  }
















  /* Make an extra effort to get a valid server name and port number.
  ** Only Netscape provides this information.  If the browser is
  ** Internet Explorer, then we have to find out the information for
  ** ourselves.
  */
  if( zServerName==0 ){
................................................................................


int main(int argc, char **argv){
  int i;                    /* Loop counter */
  char *zPermUser = 0;      /* Run daemon with this user's permissions */
  int iPort = 0;            /* Implement an HTTP server process */
  int useChrootJail = 1;    /* True to use a change-root jail */


  /* Record the time when processing begins.
  */
  time(&beginTime);

  /* Parse command-line arguments
  */
................................................................................
  
  /* Change directories to the root of the HTTP filesystem.  Then
  ** create a chroot jail there.
  */
  if( chdir(zRoot)!=0 ){
    Malfunction(__LINE__, "cannot change to directory [%s]", zRoot);
  }
  




  if( zPermUser && useChrootJail && getuid()==0 ){
    if( chroot(".")<0 ){
      Malfunction(__LINE__, "unable to create chroot jail");
    }else{
      zRoot = "";
    }
  }
................................................................................
  if( iPort && http_server(iPort, 0) ){
    Malfunction(__LINE__, "failed to start server");
  }

  /* Drop root privileges.
  */
  if( zPermUser ){
    struct passwd *pwd = getpwnam(zPermUser);
    if( pwd ){
      setgid(pwd->pw_gid);
      setuid(pwd->pw_uid);
    }else{
      Malfunction(__LINE__, "no such user [%s]", zPermUser);
    }
  }








>







 







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







 







>







 







|
>
>
>
>







 







<








933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
...
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
....
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
....
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
....
1607
1608
1609
1610
1611
1612
1613

1614
1615
1616
1617
1618
1619
1620

  }

  /* Get all the optional fields that follow the first line.
  */
  zCookie = 0;
  zAuthType = 0;
  zRemoteUser = 0;
  zReferer = 0;
  while( fgets(zLine,sizeof(zLine),stdin) ){
    char *zFieldName;
    char *zVal;

    nIn += strlen(zLine);
    zFieldName = GetFirstElement(zLine,&zVal);
    if( zFieldName==0 || *zFieldName==0 ) break;
................................................................................
      if( zRealPort ){
        zServerPort = StrDup(zRealPort);
      }
    }else if( strcasecmp(zFieldName,"Authorization:")==0 ){
      zAuthType = GetFirstElement(StrDup(zVal), &zAuthArg);
    }
  }

  /* Disallow referring from certain servers */
#if 0
  if( zReferer ){
    static const char *azDisallow[] = {
      "skidrowcrack.com",
      "hoshiyuugi.tistory.com",
      "skidrowgames.net",
    };
    int i;
    for(i=0; i<sizeof(azDisallow)/sizeof(azDisallow[0]); i++){
      if( strstr(zReferer, azDisallow[i])!=0 ) NotFound(__LINE__);
    }
  }
#endif

  /* Make an extra effort to get a valid server name and port number.
  ** Only Netscape provides this information.  If the browser is
  ** Internet Explorer, then we have to find out the information for
  ** ourselves.
  */
  if( zServerName==0 ){
................................................................................


int main(int argc, char **argv){
  int i;                    /* Loop counter */
  char *zPermUser = 0;      /* Run daemon with this user's permissions */
  int iPort = 0;            /* Implement an HTTP server process */
  int useChrootJail = 1;    /* True to use a change-root jail */
  struct passwd *pwd = 0;   /* Information about the user */

  /* Record the time when processing begins.
  */
  time(&beginTime);

  /* Parse command-line arguments
  */
................................................................................
  
  /* Change directories to the root of the HTTP filesystem.  Then
  ** create a chroot jail there.
  */
  if( chdir(zRoot)!=0 ){
    Malfunction(__LINE__, "cannot change to directory [%s]", zRoot);
  }

  /* Get information about the user if available */
  if( zPermUser ) pwd = getpwnam(zPermUser);

  /* Enter the chroot jail if requested */  
  if( zPermUser && useChrootJail && getuid()==0 ){
    if( chroot(".")<0 ){
      Malfunction(__LINE__, "unable to create chroot jail");
    }else{
      zRoot = "";
    }
  }
................................................................................
  if( iPort && http_server(iPort, 0) ){
    Malfunction(__LINE__, "failed to start server");
  }

  /* Drop root privileges.
  */
  if( zPermUser ){

    if( pwd ){
      setgid(pwd->pw_gid);
      setuid(pwd->pw_uid);
    }else{
      Malfunction(__LINE__, "no such user [%s]", zPermUser);
    }
  }

This page was generated in about 0.009s by Fossil 2.13 [8813ae91a6] 2020-10-29 16:30:30