00017 #include "cgi.h"
00018 extern int CGILogLevel;
00019
00020
00021
00022 #ifdef CGI_ALLOW
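/* ASCII-only lower-casing; avoids locale-dependent behaviour on host names. */
static int ml_fold(int c)
{
    return (c >= 'A' && c <= 'Z') ? (c - 'A' + 'a') : c;
}

/* True for characters that can be part of a host name or dotted address. */
static int ml_is_name_char(int c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '-' || c == '_';
}

/* Case-insensitive equality of two NUL-terminated strings (ASCII folding). */
static int ml_equal_nocase(const char *a, const char *b)
{
    while (*a && *b) {
        if (ml_fold((unsigned char)*a) != ml_fold((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == *b;
}

/*
 * MatchesList - test whether `host` is named in an allow/deny `list`.
 *
 * Returns 1 when the list is the wildcard "all" / "(all)" (any case) or
 * when `host` appears in the list as a complete entry, 0 otherwise
 * (including a NULL or empty list and a NULL or empty host).
 *
 * The comparison is case-insensitive.  An occurrence of `host` only counts
 * when it is not directly preceded or followed by another host-name
 * character (letter, digit, '.', '-', '_').  A plain substring search would
 * let "10.0.0.1" match an entry "10.0.0.10", or "example.com" match
 * "host.example.com", which is wrong for an access-control list.  Any
 * other character (comma, space, semicolon, ...) acts as a separator, so
 * the list's delimiter does not have to be known here.
 *
 * NOTE(review): ':' is treated as a separator, so IPv6 literals are not
 * matched as whole entries - confirm whether such hosts can reach this code.
 */
int MatchesList(char * host, char * list)
{
    size_t hostlen;
    size_t k;
    const char *p;

    if (list == NULL)
        return 0;
    if (ml_equal_nocase(list, "all") || ml_equal_nocase(list, "(all)"))
        return 1;
    if (list[0] == 0)
        return 0;
    if (host == NULL || host[0] == 0)
        return 0;

    hostlen = strlen(host);
    for (p = list; *p; p++) {
        /* a candidate must start at the beginning of an entry */
        if (p != list && ml_is_name_char((unsigned char)p[-1]))
            continue;

        k = 0;
        while (k < hostlen && p[k] &&
               ml_fold((unsigned char)p[k]) == ml_fold((unsigned char)host[k]))
            k++;

        /* ... and must end at the end of that entry */
        if (k == hostlen && !ml_is_name_char((unsigned char)p[hostlen]))
            return 1;
    }
    return 0;
}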
00031
/*
 * CheckAllowDeny - decide whether `host` passes an allow list / deny list pair.
 *
 * Returns:
 *   0  access refused (no host given, deny list is "all", host is on the
 *      deny list, or an allow list exists and the host is not on it)
 *   1  access permitted
 *   2  neither list is configured (both empty), i.e. no restriction applies
 *
 * NULL lists are treated as empty.  Note the precedence: an allow list of
 * "all" / "(all)" returns 1 before the deny list is looked at, so a deny
 * entry cannot override a wildcard allow.
 */
int CheckAllowDeny(char * host, char * allow,char * deny)
{
    /* an unknown caller is never let through */
    if (host == NULL || host[0] == '\0')
        return 0;

    if (allow == NULL)
        allow = "";
    if (deny == NULL)
        deny = "";

    /* wildcards: allow wins over deny */
    if (stricmp(allow, "all") == 0 || stricmp(allow, "(all)") == 0)
        return 1;
    if (stricmp(deny, "all") == 0 || stricmp(deny, "(all)") == 0)
        return 0;

    if (allow[0] == '\0') {
        /* no allow list: everyone not denied gets in */
        if (deny[0] == '\0')
            return 2;
        return MatchesList(host, deny) ? 0 : 1;
    }

    /* an allow list exists: the host has to be on it ... */
    if (!MatchesList(host, allow))
        return 0;

    /* ... and must not be on the deny list either */
    if (deny[0] == '\0')
        return 1;
    return MatchesList(host, deny) ? 0 : 1;
}
00056
/*
 * CheckAllow - apply one per-permission allow/deny pair to the flag word.
 *
 * If the bit(s) `value` are currently set in *i, the allow and deny lists
 * are read from section `n` under the field names `allow` and `deny` and
 * evaluated for `host`.  When CheckAllowDeny refuses the host (returns 0)
 * the bit(s) are cleared in *i.  Bits that are not set are never added.
 *
 * Returns the state of `value` within *i after the check (non-zero while
 * the permission is still held).
 */
int CheckAllow(char* host,CGINameValue* n,char*allow,char*deny,int value,int *i)
{
    /* permission not held: nothing to revoke, and the lists are not read */
    if ((*i & value) == 0)
        return 0;

    if (CheckAllowDeny(host, GetFieldValue(n, allow), GetFieldValue(n, deny)) == 0)
        *i &= ~value;

    return *i & value;
}
00065
00066 #endif
00067
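/*
 * CheckPass - grant the permission bit(s) `value` in *i according to the
 * password field `field` of the access section `n`.
 *
 *   field missing or empty   no change
 *   field is "(deny)"        no change
 *   field is "(allow)"       bit(s) granted without a password
 *   anything else            bit(s) granted when HasToken(pwd, field value, 0)
 *                            reports a match
 *
 * This function only ever sets bits.  "(deny)" therefore does not revoke a
 * bit that another call has granted; it only stops this field from
 * granting it.
 *
 * A NULL field value or a NULL `pwd` is treated as "no grant" instead of
 * being dereferenced, so a missing input fails closed.
 *
 * NOTE(review): HasToken's matching rules are not visible here - confirm
 * that an empty supplied password can never match a configured one.  The
 * configured value is compared as read from the INI section, i.e. it is
 * stored in clear text there; restrict read access to those files.
 */
void CheckPass(CGINameValue* n,int *i,int value,char*pwd,char* field)
{
    char *comp = GetFieldValue(n, field);

    if (comp == NULL || *comp == '\0')
        return;

    if (!stricmp(comp, "(deny)"))
        return;

    if (!stricmp(comp, "(allow)")) {
        *i |= value;
        return;
    }

    if (pwd != NULL && GetField(n, field) && HasToken(pwd, comp, 0))
        *i |= value;
}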
00083
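/*
 * GetSecurityFlags - work out which CGI_ALLOW_* permissions a request holds.
 *
 * argv0     program path, handed to ExpandLocalPath to locate the INI files
 * host      requesting host as reported by the server (may be NULL)
 * database  database name taken from the request; used to build the name
 *           of the per-database INI file
 * pwd       password supplied with the request (NULL is treated as "")
 *
 * Returns a bit mask of CGI_ALLOW_* flags, CGI_ALLOW_NONE when nothing is
 * granted.
 *
 * Steps:
 *   1. Reject a database name containing any of  / . \ * ? $ | ' " < > ~
 *      and any database name or password longer than 128 characters.  The
 *      name ends up in a file path, so this has to happen before
 *      ExpandLocalPath.
 *   2. Read the "access" section of <database>.ini and let the PWD* fields
 *      grant permissions (CheckPass).
 *   3. With CGI_ALLOW defined, let the ALLOW and DENY host lists of that
 *      section and of cgi.ini revoke permissions again.
 *
 * A NULL `database` or `pwd` used to be dereferenced by the validation
 * step even though NULL is tested for further down; both are now handled
 * and lead to CGI_ALLOW_NONE / an empty password.
 *
 * NOTE(review): step 1 is a denylist.  ':' and control characters are not
 * rejected - confirm ExpandLocalPath cannot be steered by them (drive
 * prefixes, device names), or validate against an allowlist of characters.
 * NOTE(review): `host` is written to the log unmodified.  Confirm LogError
 * does not interpret its argument as a format string, and consider
 * stripping control characters so a crafted host name cannot forge log
 * lines.
 */
int GetSecurityFlags(char* argv0,char* host,char* database,char* pwd)
{
    int i = CGI_ALLOW_NONE;
    int rejected;
    CGINameValue *n = NULL;
#ifdef CGI_ALLOW
    CGINameValue *m;
#endif

    if (pwd == NULL)
        pwd = "";

    /* --- 1. input validation ------------------------------------------ */
    rejected = strlen(pwd) > 128;
    if (!rejected && database != NULL) {
        size_t j = strcspn(database, "/.\\*?$|'\"<>~");

        rejected = database[j] != 0 || strlen(database) > 128;
    }
    if (rejected) {
        LogError("\nSecurity breach attempted\tHOST=");
        LogError(host != NULL ? host : "");
        return CGI_ALLOW_NONE;
    }

#ifdef CGI_ALLOW
    {
        /* global host restrictions live in cgi.ini */
        char fn[MAXPATH];

        ExpandLocalPath(argv0, fn, "cgi", ".ini");
        m = ReadINIFileSection(fn, "access", 0);
    }
#endif

    /* --- 2. password based grants ------------------------------------- */
    if (database != NULL && database[0] != 0) {
        char fn[MAXPATH];

        ExpandLocalPath(argv0, fn, database, ".ini");
        n = ReadINIFileSection(fn, "access", 0);
    }

    if (n != NULL) {
        CheckPass(n, &i, CGI_ALLOW_READ,   pwd, "PWDREAD");
        CheckPass(n, &i, CGI_ALLOW_UPDATE, pwd, "PWDUPDATE");
        CheckPass(n, &i, CGI_ALLOW_APPEND, pwd, "PWDAPPEND");
        CheckPass(n, &i, CGI_ALLOW_DELETE, pwd, "PWDDELETE");
        CheckPass(n, &i, CGI_ALLOW_WRITE,  pwd, "PWDWRITE");
        CheckPass(n, &i, CGI_ALLOW_ADMIN,  pwd, "PWDADMIN");
        CheckPass(n, &i, CGI_ALLOW_REPORT, pwd, "PWDREPORT");
        CheckPass(n, &i, CGI_ALLOW_ALL,    pwd, "PWD");
    }

#ifdef CGI_ALLOW
    /* --- 3. host based revocation ------------------------------------- */
    if (n != NULL) {
        /* blanket ALLOW/DENY of the database, then of cgi.ini */
        if (CheckAllowDeny(host, GetFieldValue(n, "ALLOW"),
                           GetFieldValue(n, "DENY")) == 0)
            i = CGI_ALLOW_NONE;

        if (i && m != NULL)
            if (CheckAllowDeny(host, GetFieldValue(m, "ALLOW"),
                               GetFieldValue(m, "DENY")) == 0)
                i = CGI_ALLOW_NONE;

        /* per-permission lists of the database section */
        if (i) CheckAllow(host, n, "ALLOWREAD",   "DENYREAD",   CGI_ALLOW_READ,   &i);
        if (i) CheckAllow(host, n, "ALLOWUPDATE", "DENYUPDATE", CGI_ALLOW_UPDATE, &i);
        if (i) CheckAllow(host, n, "ALLOWAPPEND", "DENYAPPEND", CGI_ALLOW_APPEND, &i);
        if (i) CheckAllow(host, n, "ALLOWWRITE",  "DENYWRITE",  CGI_ALLOW_WRITE,  &i);
        if (i) CheckAllow(host, n, "ALLOWDELETE", "DENYDELETE", CGI_ALLOW_DELETE, &i);
        if (i) CheckAllow(host, n, "ALLOWREPORT", "DENYREPORT", CGI_ALLOW_REPORT, &i);
        if (i) CheckAllow(host, n, "ALLOWADMIN",  "DENYADMIN",  CGI_ALLOW_ADMIN,  &i);
    }

    if (m != NULL) {
        /* per-permission lists of cgi.ini */
        if (i) CheckAllow(host, m, "ALLOWREAD",   "DENYREAD",   CGI_ALLOW_READ,   &i);
        if (i) CheckAllow(host, m, "ALLOWUPDATE", "DENYUPDATE", CGI_ALLOW_UPDATE, &i);
        if (i) CheckAllow(host, m, "ALLOWAPPEND", "DENYAPPEND", CGI_ALLOW_APPEND, &i);
        if (i) CheckAllow(host, m, "ALLOWWRITE",  "DENYWRITE",  CGI_ALLOW_WRITE,  &i);
        if (i) CheckAllow(host, m, "ALLOWDELETE", "DENYDELETE", CGI_ALLOW_DELETE, &i);
        if (i) CheckAllow(host, m, "ALLOWREPORT", "DENYREPORT", CGI_ALLOW_REPORT, &i);
        if (i) CheckAllow(host, m, "ALLOWADMIN",  "DENYADMIN",  CGI_ALLOW_ADMIN,  &i);
    }

    if (m != NULL) DeleteNVP(m);
#endif

    if (n != NULL) DeleteNVP(n);
    return i;
}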