}
$client_certs = 0 if (!-r $config{'ca'} || !%certs);
$ssl_contexts{"*"} = &create_ssl_context($config{'keyfile'},
- $config{'certfile'});
+ $config{'certfile'},
+ $config{'extracas'});
foreach $ipkey (@ipkeys) {
- $ctx = &create_ssl_context($ipkey->{'key'}, $ipkey->{'cert'});
+ $ctx = &create_ssl_context($ipkey->{'key'}, $ipkey->{'cert'},
+ $ipkey->{'extracas'} || $config{'extracas'});
foreach $ip (@{$ipkey->{'ips'}}) {
$ssl_contexts{$ip} = $ctx;
}
print DEBUG "sn=$sn\n";
print DEBUG "length=",length($sn),"\n";
$localipv6 = length($sn) > 16;
+ print DEBUG "localipv6=$localipv6\n";
# Initialize SSL for this connection
if ($use_ssl) {
}
# Work out the hostname for this web server
- print DEBUG "localipv6=$localipv6\n";
$host = &get_socket_name(SOCK, $localipv6);
print DEBUG "host=$host\n";
$host || exit;
$SIG{'HUP'} = 'IGNORE';
$SIG{'USR1'} = 'IGNORE';
- # Initialize SSL for this connection
- if ($use_ssl) {
- $ssl_con = &ssl_connection_for_ip(
- SOCK, $ipv6fhs{$s});
- $ssl_con || exit;
- }
-
# Close the file handle for the session DBM
dbmclose(%sessiondb);
&close_all_sockets();
close(LISTEN);
+ # Initialize SSL for this connection
+ if ($use_ssl) {
+ $ssl_con = &ssl_connection_for_ip(
+ SOCK, $ipv6fhs{$s});
+ $ssl_con || exit;
+ }
+
print DEBUG
"main: Starting handle_request loop pid=$$\n";
while(&handle_request($peera, $locala,
print DEBUG "handle_request: posted_data=$posted_data\n";
}
+# Reject CONNECT request, which isn't supported
+if ($method eq "CONNECT") {
+ &http_error(405, "Method $method is not supported");
+ }
+
# work out accepted encodings
%acceptenc = map { $_, 1 } split(/,/, $header{'accept-encoding'});
&write_data("WWW-authenticate: Basic ".
"realm=\"$config{'realm'}\"\r\n");
&write_keep_alive(0);
- &write_data("Content-type: text/html\r\n");
+ &write_data("Content-type: text/html; Charset=iso-8859-1\r\n");
&write_data("\r\n");
&reset_byte_count();
&write_data("<html>\n");
local $resp = "HTTP/1.0 $ok_code $ok_message\r\n".
"Date: $datestr\r\n".
"Server: $config{server}\r\n".
- "Content-type: text/html\r\n";
+ "Content-type: text/html; Charset=iso-8859-1\r\n";
&write_data($resp);
&write_keep_alive(0);
&write_data("\r\n");
}
$ENV{"QUERY_STRING"} = $querystring;
$ENV{"MINISERV_CONFIG"} = $config_file;
- $ENV{"HTTPS"} = "ON" if ($use_ssl || $config{'inetd_ssl'});
+ $ENV{"HTTPS"} = $use_ssl || $config{'inetd_ssl'} ? "ON" : "";
$ENV{"MINISERV_PID"} = $miniserv_main_pid;
$ENV{"SESSION_ID"} = $session_id if ($session_id);
$ENV{"LOCAL_USER"} = $localauth_user if ($localauth_user);
&write_data("HTTP/1.0 $_[0] $_[1]\r\n");
&write_data("Server: $config{server}\r\n");
&write_data("Date: $datestr\r\n");
- &write_data("Content-type: text/html\r\n");
+ &write_data("Content-type: text/html; Charset=iso-8859-1\r\n");
&write_keep_alive(0);
&write_data("\r\n");
&reset_byte_count();
sub run_login_script
{
if ($config{'login_script'}) {
- system($config{'login_script'}.
- " ".join(" ", map { quotemeta($_) || '""' } @_).
- " >/dev/null 2>&1 </dev/null");
+ alarm(5);
+ $SIG{'ALRM'} = sub { die "timeout" };
+ eval {
+ system($config{'login_script'}.
+ " ".join(" ", map { quotemeta($_) || '""' } @_).
+ " >/dev/null 2>&1 </dev/null");
+ };
+ alarm(0);
}
}
sub run_logout_script
{
if ($config{'logout_script'}) {
- system($config{'logout_script'}.
- " ".join(" ", map { quotemeta($_) || '""' } @_).
- " >/dev/null 2>&1 </dev/null");
+ alarm(5);
+ $SIG{'ALRM'} = sub { die "timeout" };
+ eval {
+ system($config{'logout_script'}.
+ " ".join(" ", map { quotemeta($_) || '""' } @_).
+ " >/dev/null 2>&1 </dev/null");
+ };
+ alarm(0);
}
}
'key' => $_[0]->{$k},
'index' => scalar(@rv) };
$ipkey->{'cert'} = $_[0]->{'ipcert_'.$1};
+ $ipkey->{'extracas'} = $_[0]->{'ipextracas_'.$1};
push(@rv, $ipkey);
}
}
return @rv;
}
-# create_ssl_context(keyfile, [certfile])
+# create_ssl_context(keyfile, [certfile], [extracas])
sub create_ssl_context
{
-local ($keyfile, $certfile) = @_;
+local ($keyfile, $certfile, $extracas) = @_;
local $ssl_ctx;
eval { $ssl_ctx = Net::SSLeay::new_x_ctx() };
$ssl_ctx ||= Net::SSLeay::CTX_new();
Net::SSLeay::CTX_set_verify(
$ssl_ctx, &Net::SSLeay::VERIFY_PEER, \&verify_client);
}
-if ($config{'extracas'}) {
- local $p;
- foreach $p (split(/\s+/, $config{'extracas'})) {
+if ($extracas && $extracas ne "none") {
+ foreach my $p (split(/\s+/, $extracas)) {
Net::SSLeay::CTX_load_verify_locations(
$ssl_ctx, $p, "");
}
close(STDIN); close(STDOUT); close(STDERR);
untie(*STDIN); untie(*STDOUT); untie(*STDERR);
close($PASSINw); close($PASSOUTr);
- $( = $uinfo[3]; $) = "$uinfo[3] $uinfo[3]";
+ ($(, $)) = ( $uinfo[3],
+ "$uinfo[3] ".join(" ", $uinfo[3],
+ &other_groups($uinfo[0])) );
($>, $<) = ($uinfo[2], $uinfo[2]);
close(SUDOw);
close($ptyfh);
kill('KILL', $pid);
waitpid($pid, 0);
-local ($ok) = ($out =~ /\(ALL\)\s+ALL|\(ALL\)\s+NOPASSWD:\s+ALL/ ? 1 : 0);
+local ($ok) = ($out =~ /\(ALL\)\s+ALL|\(ALL\)\s+NOPASSWD:\s+ALL|\(ALL\s*:\s*ALL\)\s+ALL/ ? 1 : 0);
# Update cache
if ($PASSINw) {
return $ok;
}
+sub other_groups
+{
+my ($user) = @_;
+my @rv;
+setgrent();
+while(my @g = getgrent()) {
+ my @m = split(/\s+/, $g[3]);
+ push(@rv, $g[2]) if (&indexof($user, @m) >= 0);
+ }
+endgrent();
+return @rv;
+}
+
# is_mobile_useragent(agent)
# Returns 1 if some user agent looks like a cellphone or other mobile device,
# such as a treo.
"iPhone", # Apple iPhone KHTML browser
"iPod", # iPod touch browser
"MobileSafari", # HTTP client in iPhone
- "Android", # gPhone
"Opera Mini", # Opera Mini
"HTC_P3700", # HTC mobile device
"Pre/", # Palm Pre
"webOS/", # Palm WebOS
"Nintendo DS", # DSi / DSi-XL
);
+local @regexps = (
+ "Android.*Mobile", # Android phone
+ );
foreach my $p (@prefixes) {
return 1 if ($agent =~ /^\Q$p\E/);
}
foreach my $s (@substrings, @mobile_agents) {
return 1 if ($agent =~ /\Q$s\E/);
}
+foreach my $s (@regexps) {
+ return 1 if ($agent =~ /$s/);
+ }
return 0;
}