Back to index

wims  3.65+svn20090927
files.c
Go to the documentation of this file.
00001 /*    Copyright (C) 1998-2003 XIAO, Gang of Universite de Nice - Sophia Antipolis
00002  *
00003  *  This program is free software; you can redistribute it and/or modify
00004  *  it under the terms of the GNU General Public License as published by
00005  *  the Free Software Foundation; either version 2 of the License, or
00006  *  (at your option) any later version.
00007  *
00008  *  This program is distributed in the hope that it will be useful,
00009  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00010  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00011  *  GNU General Public License for more details.
00012  *
00013  *  You should have received a copy of the GNU General Public License
00014  *  along with this program; if not, write to the Free Software
00015  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
00016  */
00017 
00018 void secure_exec(void);
00019 
00020 int fwrite_calls=0;  /* number of files */
00021 int fwrite_sizes=0;  /* total size */
00022 
00023        /* write to a writable file. */
00024 void _filewrite(char *prefix, char *fname, char *content, char *type)
00025 {
00026     char *m, buf[MAX_LINELEN+1];
00027     FILE *f;
00028     int n,checklink;
00029     struct stat stl;
00030     checklink=0;
00031     if(strstr(fname,parent_dir_string)!=NULL){
00032        setvar(error_data_string,fname);
00033        module_error("illegal_fname"); return;
00034     }
00035     m=getvar(ro_name[ro_module]);
00036     if(m==NULL || *m==0) return;
00037     if(strncmp(fname,"TEMP_",5)==0 && strchr(fname,'/')==NULL &&
00038        strstr(session_prefix,"robot")==NULL) {
00039        mystrncpy(buf,tmp_dir,sizeof(buf));
00040        goto add;
00041     }
00042     if(strncmp(fname,"getfile/",strlen("getfile/"))==0) {
00043        if(strchr(fname+strlen("getfile/"),'/')!=NULL) {
00044 denied:
00045            setvar(error_data_string,fname);
00046            module_error("file_access_denied"); return;
00047        }
00048        fname+=strlen("getfile/");
00049        snprintf(buf,sizeof(buf),"%s/getfile",session_prefix);
00050        mkdirs(buf);
00051        checklink=1; goto add;
00052     }
00053     if(trusted_module() && !is_class_module && strncmp(fname,"wimshome/",9)==0) {
00054        mystrncpy(buf,getvar("wims_home"),sizeof(buf));
00055        fname+=9; goto add;
00056     }
00057     if(strncmp(m,"adm/",4)==0 || strcmp(m,home_module)==0) {
00058        mystrncpy(buf,prefix,sizeof(buf));
00059     }
00060     else {
00061        if(!trusted_module() && strchr(fname,'/')!=NULL) return; /* silent */
00062        snprintf(buf,sizeof(buf),"w/%s",prefix);
00063        mkdirs(buf);
00064     }
00065     add: snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),"/%s",fname);
00066     if(!trusted_module() || is_class_module) {
00067        if(fwrite_calls>=MAX_FWRITE) goto denied;
00068        fwrite_calls++;
00069        n=strlen(content)+1;
00070        if(fwrite_sizes+n>MAX_FWRITE_SIZE) goto denied;
00071        fwrite_sizes+=n;
00072     }
00073     if(checklink && lstat(buf,&stl)==0 && S_ISLNK(stl.st_mode))
00074       goto denied;
00075     lastdatafile[0]=lastftest[0]=0;
00076     f=fopen(buf,type); if(f==NULL) return;
00077     fprintf(f,"%s\n",content);
00078     fclose(f);
00079 }
00080 
00081        /* write to a file in module */
00082 void filewrite(char *p)
00083 {
00084     char *p1, *p2;
00085     secure_exec();
00086     p1=find_word_start(p);
00087     p2=find_word_end(p1);
00088     if(*p1==0) {*p=0;return;}
00089     if(*p2!=0) *p2++=0;
00090     _filewrite(module_prefix,p1,p2,"w");
00091     *p=0;
00092 }
00093 
00094        /* append to a file in module */
00095 void fileappend(char *p)
00096 {
00097     char *p1, *p2;
00098     secure_exec();
00099     p1=find_word_start(p);
00100     p2=find_word_end(p1);
00101     if(*p1==0) {*p=0;return;}
00102     if(*p2!=0) *p2++=0;
00103     _filewrite(module_prefix,p1,p2,"a");
00104     *p=0;
00105 }
00106