[icinga-checkins] icinga.org: icinga-core/feature/url-cgi-path-6459: Add url_cgi_path (WIP)

git at icinga.org git at icinga.org
Wed Jun 11 14:56:17 CEST 2014


Module: icinga-core
Branch: feature/url-cgi-path-6459
Commit: 0d7398cfcdc475b704c205340094f2b1bb599242
URL:    https://git.icinga.org/?p=icinga-core.git;a=commit;h=0d7398cfcdc475b704c205340094f2b1bb599242

Author: Michael Friedrich <michael.friedrich at netways.de>
Date:   Wed Jun 11 14:55:52 2014 +0200

Add url_cgi_path (WIP)

Refs #6459

---

 cgi/cgiutils.c           |   17 +++++++++++++++++
 cgi/cmd.c                |    3 ++-
 sample-config/cgi.cfg.in |   11 +++++++++++
 3 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/cgi/cgiutils.c b/cgi/cgiutils.c
index 8c1ee2f..234fd18 100644
--- a/cgi/cgiutils.c
+++ b/cgi/cgiutils.c
@@ -39,6 +39,7 @@ char            physical_html_path[MAX_FILENAME_LENGTH];
 char            physical_images_path[MAX_FILENAME_LENGTH];
 char            physical_ssi_path[MAX_FILENAME_LENGTH];
 char            url_html_path[MAX_FILENAME_LENGTH];
+char            url_cgi_path[MAX_FILENAME_LENGTH];
 char            url_docs_path[MAX_FILENAME_LENGTH];
 char            url_images_path[MAX_FILENAME_LENGTH];
 char            url_logo_images_path[MAX_FILENAME_LENGTH];
@@ -303,6 +304,7 @@ void reset_cgi_vars(void) {
 	strcpy(physical_ssi_path, "");
 
 	strcpy(url_html_path, "");
+	strcpy(url_cgi_path, "");
 	strcpy(url_docs_path, "");
 	strcpy(url_stylesheets_path, "");
 	strcpy(url_js_path, "");
@@ -520,6 +522,17 @@ int read_cgi_config_file(char *filename) {
 			url_media_path[sizeof(url_media_path) - 1] = '\x0';
 		}
 
+		else if (!strcmp(var, "url_cgi_path")) {
+
+			strncpy(url_cgi_path, val, sizeof(url_cgi_path));
+			url_cgi_path[sizeof(url_cgi_path) - 1] = '\x0';
+
+			strip(url_cgi_path);
+			if (url_cgi_path[strlen(url_cgi_path) - 1] != '/' && (strlen(url_cgi_path) < sizeof(url_cgi_path) - 1))
+				strcat(url_cgi_path, "/");
+
+		}
+
 		else if (!strcmp(var, "url_stylesheets_path")) {
 
 			strncpy(url_stylesheets_path, val, sizeof(url_stylesheets_path));
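Review bot: The trailing-slash test in the new `url_cgi_path` branch indexes `url_cgi_path[strlen(url_cgi_path) - 1]` without checking for an empty string. If `val` is empty, or becomes empty after `strip()`, the index wraps to `SIZE_MAX` and reads out of bounds. Take the length once and guard it: `size_t len = strlen(url_cgi_path);` then `if (len > 0 && len < sizeof(url_cgi_path) - 1 && url_cgi_path[len - 1] != '/')`. An empty setting then stays empty, so the `DEFAULT_URL_CGIBIN_PATH` fallback added later in this function can apply instead of the value silently becoming "/". `read_cgi_config_file` starts and ends outside this hunk, so the neighbouring branches may share the pattern; that cannot be confirmed from here.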
@@ -817,6 +830,10 @@ int read_cgi_config_file(char *filename) {
 		snprintf(url_stylesheets_path, sizeof(url_stylesheets_path), "%sstylesheets/", url_html_path);
 		url_stylesheets_path[sizeof(url_stylesheets_path) - 1] = '\x0';
 	}
+	if (!strcmp(url_cgi_path, "")) {
+		snprintf(url_cgi_path, sizeof(url_cgi_path), "%s", DEFAULT_URL_CGIBIN_PATH);
+		url_cgi_path[sizeof(url_cgi_path) - 1] = '\x0';
+	}
 
 	if (!strcmp(main_config_file, "")) {
 
diff --git a/cgi/cmd.c b/cgi/cmd.c
index 977dcbe..cfffa74 100644
--- a/cgi/cmd.c
+++ b/cgi/cmd.c
@@ -46,6 +46,7 @@ extern const char *extcmd_get_name(int id);
 
 extern char main_config_file[MAX_FILENAME_LENGTH];
 extern char url_html_path[MAX_FILENAME_LENGTH];
+extern char url_cgi_path[MAX_FILENAME_LENGTH];
 extern char url_images_path[MAX_FILENAME_LENGTH];
 extern char command_file[MAX_FILENAME_LENGTH];
 extern char comment_file[MAX_FILENAME_LENGTH];
@@ -2066,7 +2067,7 @@ void commit_command_data(int cmd) {
 	get_authentication_information(&current_authdata);
 
 	referer = getenv("HTTP_REFERER");
-	asprintf(&referer_check, "%s/%s", DEFAULT_URL_CGIBIN_PATH, CMD_CGI);
+	asprintf(&referer_check, "%s/%s", url_cgi_path, CMD_CGI);
 
 	if (disable_cmd_cgi_csrf_protection == FALSE && (referer == NULL || !strstr(referer, referer_check))) {
 		if (use_logging == TRUE) {
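Review bot: The `"%s/%s"` format now produces a double slash whenever `url_cgi_path` comes from cgi.cfg, because the parser in cgiutils.c appends a trailing `/` to it. `referer_check` becomes e.g. `.../cgi-bin//cmd.cgi`, which `strstr` will not find in a normal Referer, so every command would be rejected as a CSRF attempt. The fallback `DEFAULT_URL_CGIBIN_PATH` presumably has no trailing slash, so the two sources need the same normalisation first; after that the call can be `asprintf(&referer_check, "%s%s", url_cgi_path, CMD_CGI);`. The `asprintf` return value is also unchecked: on failure `referer_check` is undefined when it reaches `strstr`, so it should fail closed with something like `if (asprintf(...) < 0) referer_check = NULL;` and a NULL test in the condition. `commit_command_data` continues outside this hunk, and since the check is a substring match, comparing against the parsed path of the Referer would make the configured value a stronger control.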
diff --git a/sample-config/cgi.cfg.in b/sample-config/cgi.cfg.in
index 1f08bb7..0f929f9 100644
--- a/sample-config/cgi.cfg.in
+++ b/sample-config/cgi.cfg.in
@@ -56,6 +56,17 @@ url_html_path=@htmurl@
 
 
 
+# URL CGI PATH
+# This is the path portion of the URL that corresponds to the
+# physical location of the Icinga CGI files. It is evaluated by
+# the cmd.cgi CSRF protection.
+# This value should be changed if the CGI files are accessible
+# under a different path than the default installation path.
+
+#url_cgi_path=@htmurl@/cgi-bin
+
+
+
 # URL STYLESHEETS PATH
 # This option allows to define an url stylesheet path other than the
 # default ($url_html_path/stylesheets). This will be useful when


