X-Git-Url: http://wpitchoune.net/gitweb/?p=psensor-pkg-debian.git;a=blobdiff_plain;f=src%2Fserver%2Fserver.c;h=fb6b63c3826dc8c981fa3dfe992de40b37778d76;hp=58625868f5f1a9c2e51aacc253407730eaeb0562;hb=bd7036af56a4b61b2b473dccbeac5e26f78b57da;hpb=4e6ce51e7afeb7924573c40796910cd003850949
diff --git a/src/server/server.c b/src/server/server.c
index 5862586..fb6b63c 100644
--- a/src/server/server.c
+++ b/src/server/server.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2014 jeanfi@gmail.com
+ * Copyright (C) 2010-2016 jeanfi@gmail.com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
@@ -23,6 +23,7 @@
 #include
 #define _(str) gettext(str)
+#include
 #include
 #include
 #include
@@ -64,15 +65,15 @@ static const int DEFAULT_PORT = 3131;
 "Page not found - Go to Main page

"))
 static struct option long_options[] = {
- {"version", no_argument, 0, 'v'},
- {"help", no_argument, 0, 'h'},
- {"port", required_argument, 0, 'p'},
- {"wdir", required_argument, 0, 'w'},
- {"debug", required_argument, 0, 'd'},
- {"log-file", required_argument, 0, 'l'},
- {"sensor-log-file", required_argument, 0, 0},
- {"sensor-log-interval", required_argument, 0, 0},
- {0, 0, 0, 0}
+ {"version", no_argument, NULL, 'v'},
+ {"help", no_argument, NULL, 'h'},
+ {"port", required_argument, NULL, 'p'},
+ {"wdir", required_argument, NULL, 'w'},
+ {"debug", required_argument, NULL, 'd'},
+ {"log-file", required_argument, NULL, 'l'},
+ {"sensor-log-file", required_argument, NULL, 0},
+ {"sensor-log-interval", required_argument, NULL, 0},
+ {NULL, 0, NULL, 0}
 };
 static struct server_data server_data;
@@ -81,7 +82,7 @@ static pthread_mutex_t mutex;
 static int server_stop_requested;
-static void print_version()
+static void print_version(void)
 {
 printf("psensor-server %s\n", VERSION);
 printf(_("Copyright (C) %s jeanfi@gmail.com\n"
@@ -92,7 +93,7 @@ static void print_version()
 "2010-2012");
 }
-static void print_help()
+static void print_help(void)
 {
 printf(_("Usage: %s [OPTION]...\n"),
 program_name);
@@ -192,8 +193,9 @@ create_response_api(const char *nurl, const char *method, unsigned int *rp_code)
 if (page) {
 *rp_code = MHD_HTTP_OK;
- resp = MHD_create_response_from_data(strlen(page), page,
- MHD_YES, MHD_NO);
+ resp = MHD_create_response_from_buffer(strlen(page),
+ page,
+ MHD_RESPMEM_MUST_FREE);
 MHD_add_response_header(resp,
 MHD_HTTP_HEADER_CONTENT_TYPE,
 "application/json");
@@ -223,8 +225,8 @@ static struct MHD_Response *create_response_file(const char *nurl,
 if (!st.st_size) {
 fclose(file);
- return MHD_create_response_from_data
- (0, NULL, MHD_NO, MHD_NO);
+ return MHD_create_response_from_buffer
+ (0, NULL, 0);
 }
 return MHD_create_response_from_callback
@@ -242,17 +244,52 @@ static struct MHD_Response *create_response_file(const char *nurl,
 return NULL;
 }
+static int is_access_allowed(char *path)
+{
+ char *rpath;
+ int n, ret;
+
+ rpath = realpath(path, NULL);
+ if (rpath) {
+ n = strlen(server_data.www_dir);
+ if (!strncmp(server_data.www_dir, rpath, n)
+ || !strcmp(rpath,
+ "/usr/share/javascript/jquery/jquery.js")) {
+ ret = 1;
+ } else {
+ ret = 0;
+
+ log_err(_("Resource access refused %s real path is %s"),
+ path,
+ rpath);
+ }
+
+ free(rpath);
+ } else {
+ log_err(_("Cannot get real path of %s"), path);
+
+ ret = 0;
+ }
+
+ return ret;
+}
+
 static struct MHD_Response *
 create_response(const char *nurl, const char *method, unsigned int *rp_code)
 {
+ char *page, *fpath;
 struct MHD_Response *resp = NULL;
 if (!strncmp(nurl, URL_BASE_API_1_1, strlen(URL_BASE_API_1_1))) {
 resp = create_response_api(nurl, method, rp_code);
 } else {
- char *fpath = get_path(nurl, server_data.www_dir);
+ fpath = get_path(nurl, server_data.www_dir);
- resp = create_response_file(nurl, method, rp_code, fpath);
+ if (is_access_allowed(fpath))
+ resp = create_response_file(nurl,
+ method,
+ rp_code,
+ fpath);
 free(fpath);
 }
@@ -260,13 +297,12 @@ create_response(const char *nurl, const char *method, unsigned int *rp_code)
 if (resp)
 return resp;
- char *page = strdup(PAGE_NOT_FOUND);
+ page = strdup(PAGE_NOT_FOUND);
 *rp_code = MHD_HTTP_NOT_FOUND;
- return MHD_create_response_from_data(strlen(page),
- page,
- MHD_YES,
- MHD_NO);
+ return MHD_create_response_from_buffer(strlen(page),
+ page,
+ MHD_RESPMEM_MUST_FREE);
 }
 static int cbk_http_request(void *cls,
@@ -275,7 +311,8 @@ static int cbk_http_request(void *cls,
 const char *method,
 const char *version,
 const char *upload_data,
- size_t *upload_data_size, void **ptr)
+ size_t *upload_data_size,
+ void **ptr)
 {
 static int dummy;
 struct MHD_Response *response;
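Review bot: The containment test in is_access_allowed() is a bare string-prefix match, `!strncmp(server_data.www_dir, rpath, n)`, so a resolved path in a sibling directory whose name merely begins with the www_dir string (constructed example: www_dir `/srv/www`, rpath `/srv/www-old/x`) is accepted as being inside the web root. Require a path-component boundary after the prefix, `!strncmp(server_data.www_dir, rpath, n) && (rpath[n] == '/' || rpath[n] == '\0')`; realpath() output has no trailing slash except for `/` itself, so that one value of www_dir would need its own case. `n` would also be better declared `size_t`, since it holds a strlen() result and is passed as strncmp()'s length. Separately, the check resolves `fpath` but create_response() still hands the unresolved `fpath` to create_response_file(), whose body is outside this hunk; if that function opens the file by name, the path is resolved a second time after the check, and opening the realpath() result instead would narrow that gap.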
@@ -288,7 +325,8 @@ static int cbk_http_request(void *cls,
 if (&dummy != *ptr) {
 /* The first time only the headers are valid, do not
- respond in the first round... */
+ * respond in the first round...
+ */
 *ptr = &dummy;
 return MHD_YES;
 }
@@ -347,7 +385,7 @@ int main(int argc, char *argv[])
 switch (optc) {
 case 'w':
 if (optarg)
- server_data.www_dir = strdup(optarg);
+ server_data.www_dir = realpath(optarg, NULL);
 break;
 case 'p':
 if (optarg)
@@ -386,8 +424,14 @@ int main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
- if (!server_data.www_dir)
- server_data.www_dir = strdup(DEFAULT_WWW_DIR);
+ if (!server_data.www_dir) {
+ server_data.www_dir = realpath(DEFAULT_WWW_DIR, NULL);
+ if (!server_data.www_dir) {
+ fprintf(stderr,
+ _("Webserver directory does not exist.\n"));
+ exit(EXIT_FAILURE);
+ }
+ }
 if (!log_file)
 log_file = strdup(DEFAULT_LOG_FILE);
@@ -404,7 +448,7 @@ int main(int argc, char *argv[])
 server_data.cpu_usage = create_cpu_usage_sensor(600);
 #endif
- if (!*server_data.sensors)
+ if (!server_data.sensors || !*server_data.sensors)
 log_err(_("No sensors detected."));
 d = MHD_start_daemon(MHD_USE_THREAD_PER_CONNECTION,
@@ -463,7 +507,7 @@ int main(int argc, char *argv[])
 psensor_free(server_data.cpu_usage);
 #endif
 free(server_data.www_dir);
- sensors_cleanup();
+ lmsensor_cleanup();
 #ifdef HAVE_GTOP
 sysinfo_cleanup();
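Review bot: In the `case 'w':` hunk the result of `realpath(optarg, NULL)` is not checked, so a `--wdir` value that does not resolve leaves `server_data.www_dir` NULL, and the later `if (!server_data.www_dir)` block (the `@@ -386,8 +424,14 @@` hunk) silently substitutes DEFAULT_WWW_DIR. The server then serves a directory the operator did not ask for, and the message printed when the default is also missing does not say which path was at fault. Fail at the option instead, for example `if (!server_data.www_dir) { perror(optarg); exit(EXIT_FAILURE); }` directly after the assignment. Both hunks sit inside main(), which starts and ends outside them.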