/*****************************************************************************/ /* sadHOC.c Pronounced: sad-dock (yep, kinda melancholy) Really just a development/experimental tool for the screper module. Allows ad hoc commands to be screped. Also see SCREPER.C code. sadHOC requires server authorisation. If access for the great unwashed is desired (not recommended), define the logical name SADHOC_REMOTE_USER to anything at all. HOW IT WORKS ------------ See the prologue to SCREPER.C. COPYRIGHT --------- Copyright (C) 2021-2023 Mark G.Daniel Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. VERSION LOG ----------- 18-SEP-2022 MGD v1.1.0, CSP same-origin 'strict-dynamic' constraints 01-AUG-2021 MGD v1.0.0, initial */ /*****************************************************************************/ #define SOFTWAREVN "v1.1.0" #define SOFTWARENM "SADHOC" #ifdef __ALPHA # define SOFTWAREID SOFTWARENM " " SOFTWAREVN " AXP" #endif #ifdef __ia64 # define SOFTWAREID SOFTWARENM " " SOFTWAREVN " IA64" #endif #ifdef __x86_64 # define SOFTWAREID SOFTWARENM " " SOFTWAREVN " X86" #endif #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "screper.h" #define FI_LI "SHTTPMON",__LINE__ #ifndef UINT64PTR /* mainly to allow easy use of the __unaligned directive */ #define UINTPTR __unaligned unsigned int* #define ULONGPTR __unaligned unsigned long* #define USHORTPTR __unaligned unsigned short* #define UINT64PTR __unaligned uint64* #define INT64PTR __unaligned int64* #endif #define SAD_MAX 4 int begun, inspect; char *CgiQueryString, *CgiRemoteUser, *CgiRequestUri, *CgiScriptName, *CgiServerSoftware; static char ScriptName [64], SyiNodeName [16]; void *scrptr; char *sadhocStyle = "\n"; /* prototypes */ int sadhocCount (); void sadhocExit (int, int); char* sadhocHtmlEncode (char*); int sadhocNumber (int); void sadhocPage (); void sadhocPopulate (); void sadhocSubmit (); void sadhocTerminal (int); int sadhocUrlDecode (char*); /*****************************************************************************/ /* */ int main (int argc, char *argv[]) { static unsigned long JpiPidItem = JPI$_PID; static unsigned long SyiNodeNameItem = SYI$_NODENAME; static $DESCRIPTOR (SyiNodeNameDsc, SyiNodeName); int interval, page; ushort slen; char *cptr, *sptr, *zptr;; char cmd [256]; /*********/ /* begin */ /*********/ if (argc > 1) { if (!strncasecmp (argv[1], "/VERSION", 4)) fprintf (stdout, "%s\n%s\n", SOFTWAREID, ScreperDo (NULL, "-version")); exit (SS$_NORMAL); } if (!(stdout = freopen ("SYS$OUTPUT", "w", stdout, "ctx=bin"))) sadhocExit (vaxc$errno, __LINE__); lib$getsyi (&SyiNodeNameItem, 0, &SyiNodeNameDsc, &slen, 0, 0); SyiNodeName[slen] = '\0'; if (!(CgiServerSoftware = getenv ("WWW_SERVER_SOFTWARE"))) CgiServerSoftware = getenv ("SERVER_SOFTWARE"); if (!CgiServerSoftware) sadhocExit (SS$_NORMAL, __LINE__); strcpy (ScriptName, "sadHOC"); if (!(CgiRemoteUser = getenv ("SADHOC_REMOTE_USER"))) if (!(CgiRemoteUser = getenv ("WWW_REMOTE_USER"))) if (!(CgiRemoteUser = getenv ("REMOTE_USER"))) CgiRemoteUser = ""; if (!*CgiRemoteUser) { begun = 1; fprintf (stdout, "Status: 403 Forbidden\r\n\ Content-Type: text/html\r\n\ \r\n\ \n\ \n\ \n\ \n\ %s:: %s\n\ %s\ \n\ \n\
authorization failure
\n\ \n\ \n", SOFTWAREID, SyiNodeName, ScriptName, sadhocStyle); sadhocExit (SS$_NORMAL, __LINE__); } scrptr = ScreperInit (); if (cptr = getenv ("SADHOC_INSPECT")) inspect = atol (cptr); if (!(CgiRequestUri = getenv ("WWW_REQUEST_URI"))) if (!(CgiRequestUri = getenv ("REQUEST_URI"))) CgiRequestUri = ""; if (!(CgiScriptName = getenv ("WWW_SCRIPT_NAME"))) if (!(CgiScriptName = getenv ("SCRIPT_NAME"))) CgiScriptName = ""; if (!(CgiQueryString = getenv ("WWW_QUERY_STRING"))) if (!(CgiQueryString = getenv ("QUERY_STRING"))) CgiQueryString = ""; if (*CgiQueryString) { if (strstr (CgiQueryString, "populate=")) sadhocPopulate (); else sadhocPage (); } else sadhocSubmit (); sadhocExit (SS$_NORMAL, __LINE__); } /*****************************************************************************/ /* Provide a form providing a single or multiple ad hoc commands. */ void sadhocSubmit () { int idx; char *cptr; const char *sptr = "-page=48 -width=80 -repeat=2 -timestamp\n" "-dcl=SHOW SYSTEM"; /*********/ /* begin */ /*********/ begun = 1; fprintf (stdout, "Status: 200 OK\r\n\ Content-Type: text/html\r\n\ Script-Control: X-stream-mode=1\r\n\ %s\ \r\n\ \n\ \n\ \n\ \n\ %s:: %s\n\ %s\n\ \n\ \n\

sadHOC

\n\
\n\ \n\

\n\

\n", ScreperDo (NULL,"-csp"), SOFTWAREID, SyiNodeName, ScriptName, sadhocStyle, CgiScriptName, sptr); for (idx = 2; idx <= SAD_MAX; idx++) fprintf (stdout, "

\n", idx); fprintf (stdout, "

\n\   \ \n\

\n\ \n\ \n"); sadhocExit (SS$_NORMAL, __LINE__); } /*****************************************************************************/ /* A page with multiple terminal screen outputs, each in an iframe. If a single screen then sadhocTerminal() provides that directly. */ void sadhocPage () { int number; char *cptr; void *scrptr; /*********/ /* begin */ /*********/ if (strstr (CgiQueryString, "=Try+One")) { sadhocTerminal (1); return; } if ((number = sadhocCount()) <= 1) { sadhocTerminal (1); return; } number = 0; if (cptr = strstr (CgiQueryString, "&number=")) number = atoi (cptr+8); if (number >= 1 && number <= SAD_MAX) { sadhocTerminal (number); return; } scrptr = ScreperInit (); begun = 1; fprintf (stdout, "Status: 200 OK\r\n\ Content-Type: text/html\r\n\ Script-Control: X-stream-mode=1\r\n\ %s\ \r\n\ \n\ \n\ \n\ \n\ %s:: %s\n\ %s\ %s\ \n\ \n", ScreperDo(scrptr,"-csp"), SOFTWAREID, SyiNodeName, ScriptName, ScreperDo(scrptr,"-resize"), sadhocStyle); fprintf (stdout, "
\n"); for (number = 1; number <= SAD_MAX; number++) if (sadhocNumber (number)) fprintf (stdout, "\n", number, CgiRequestUri, number); fprintf (stdout, "
\n\

%s\ \n\ \n", ScreperDo(scrptr,"-pause")); sadhocExit (SS$_NORMAL, __LINE__); } /*****************************************************************************/ /* A page with the embedded terminal screen output. If multiple concurrent terminals then this will be in an iframe. */ void sadhocTerminal (int number) { int idx, count, status; char *cptr, *nonce, *sptr; char class [64], font [256]; void *scrptr; /*********/ /* begin */ /*********/ if (!(nonce = getenv ("WWW_CSP_NONE"))) if (!(nonce = getenv ("CSP_NONE"))) nonce = ""; sprintf (font, "setTimeout(\"document.body.style.fontSize = \ \'smaller\'\",100);\n", nonce[0] ? " nonce='" : "", nonce[0] ? nonce : "", nonce[0] ? "'" : ""); begun = 1; scrptr = ScreperInit (); fprintf (stdout, "Status: 200 OK\r\n\ Content-Type: text/html\r\n\ Script-Control: X-stream-mode=1\r\n\ %s\ \r\n\ \n\ \n\ \n\ \n\ %s:: %s\n\ %s\ %s\ %s\ \n\ \n\ %s\ \n\ \n", ScreperDo (scrptr,"-csp"), SOFTWAREID, SyiNodeName, ScriptName, ScreperDo (scrptr, "-css"), ScreperDo (scrptr, "-javascript"), sadhocCount() > 1 ? font : "", ScreperDo (scrptr, "-screen")); sadhocExit (SS$_NORMAL, __LINE__); } /*****************************************************************************/ /* Spawn the command subprocess and provide the HTML-ified, scraped terminal screen output back to the embedded virtual screen. */ void sadhocPopulate () { int number, status; char *cptr, *rptr, *sptr, *zptr; char scratch [256], scrdo [512]; void *scrptr; /*********/ /* begin */ /*********/ scrptr = ScreperInit (); number = 0; if (cptr = strstr (CgiQueryString, "number=")) number = atoi (cptr+7); if (number < 1 || number > SAD_MAX) number = 1; sprintf (scratch, "adhoc%d=", number); if (cptr = strstr (CgiQueryString, scratch)) { while (*cptr && *cptr != '=') cptr++; if (*cptr) cptr++; zptr = (sptr = scrdo) + sizeof(scrdo)-32; sptr += sprintf (sptr, "-inspect=%d -utility=\"%s\"", inspect, "sadHOC"); while (*cptr && *cptr != '&' && sptr < zptr) *sptr++ = *cptr++; *sptr = '\0'; sadhocUrlDecode (scrdo); } else sadhocExit (SS$_BUGCHECK, __LINE__); /* facilitate development - no referer then is populate=1 directly */ if (!(rptr = getenv ("WWW_HTTP_REFERER"))) rptr = getenv ("HTTP_REFERER"); begun = 1; if (inspect && rptr) fprintf (stdout, "Status: 200 OK\r\n\ Content-Type: text/plain\r\n\ Script-Control: X-record-mode=1\r\n\ %s\ \r\n", ScreperDo(scrptr,"-csp")); else fprintf (stdout, "Status: 200 OK\r\n\ Content-Type: text/html\r\n\ Script-Control: X-stream-mode=1\r\n\ Script-Control: X-timeout-output=none\r\n\ Script-Control: X-content-encoding-gzip=0\r\n\ %s\ \r\n", ScreperDo(scrptr,"-csp")); fflush (stdout); if (!rptr) /* no referer then is populate=1 directly */ fprintf (stdout, "\n\n%s\n

\n",
               ScreperDo (scrptr, "-css"));
 
   if (inspect) fprintf (stdout, "|%s|\n", scrdo);

   fflush (stdout);

   sptr = ScreperDo (scrptr, scrdo);
   if (*(USHORTPTR)sptr == '%X')
      status = strtol (sptr+2, NULL, 16);
   else
      status = SS$_BUGCHECK;

   sadhocExit (status, __LINE__);
}

/*****************************************************************************/
/*
By parsing the query string, return true or false if the specified terminal
number is present and being a textarea has non-space content.
*/

int sadhocNumber (int number)

{
   int  idx;
   char  *cptr;
   char  scratch [64];

   /*********/
   /* begin */
   /*********/

   sprintf (scratch, "adhoc%d=", number);
   if (cptr = strstr (CgiQueryString, scratch))
   {
      while (*cptr && *cptr != '=' && *cptr != '&') cptr++;
      if (*cptr == '=')
      {
         for (cptr++; *cptr && *cptr != '&' && isspace(*cptr); cptr++);
         if (*cptr && *cptr != '&') return (1);
      }
   }
   return (0);
}

/*****************************************************************************/
/*
By parsing the query string, return the number of individual monitor terminals.
*/

int sadhocCount ()

{
   int  count, number;

   /*********/
   /* begin */
   /*********/

   count = 0;
   for (number = 1; number <= SAD_MAX; number++)
      if (sadhocNumber (number)) count++;
   return (count);
}

/*****************************************************************************/
/*
Perform in-place URL decode.  Perform strdup() before calling to retain
original then free() when finished using, as required.
*/

int sadhocUrlDecode (char *string)

{
   uint  ch;
   char  *cptr, *sptr;

   /*********/
   /* begin */
   /*********/

   for (cptr = sptr = string; *cptr; cptr++)
   {
      if (*cptr == '+')
         *sptr++ = ' ';
      else
      if (*cptr == '%')
      {
         *sptr = '\0';
         cptr++;
         if (*(cptr+1))
         {
            if (sscanf (cptr, "%02x", &ch) < 1) return (0);
            *sptr++ = ch;
         }
         else
            return (0);
         cptr++;
      }
      else
         *sptr++ = *cptr;
   }
   *sptr = '\0';
   return (sptr - string);
}

/*****************************************************************************/
/*
Return a pointer to an allocated string containing encoded HTML-forbidden
characters.  The string can be free()ed after use, as required.
*/

char* sadhocHtmlEncode (char *string)

{
   int  cnt = 0;
   char  *aptr, *cptr, *eptr, *sptr;

   /*********/
   /* begin */
   /*********/

   for (cptr = string; *cptr; cptr++)
      if (*cptr && (*cptr == '<' || *cptr == '>' || *cptr != '&' ||
                    *cptr == '\"' || *cptr != '\'')) cnt++;
   aptr = sptr = calloc (1, cptr - string + (cnt * 6));
   for (cptr = string; *cptr; cptr++)
   {
      if (*cptr != '<' && *cptr != '>' && *cptr != '&' &&
          *cptr != '\"' && *cptr != '\'')
         *sptr++ = *cptr;
      else
      {
         if (*cptr == '<')
            eptr = "<";
         else
         if (*cptr == '>')
            eptr = ">";
         else
         if (*cptr == '&')
            eptr = "&";
         else
         if (*cptr == '\"')
            eptr = """;
         else
            eptr = "'";
         while (*eptr) *sptr++ = *eptr++;
      }
   }
   return (aptr);
}

/*****************************************************************************/
/*
Provide some WATCHable exit information.
*/

void sadhocExit (int status, int line)

{
   /*********/
   /* begin */
   /*********/

   if (!begun)
      fputs ("Status: 200 OK\r\n\
Content-Type: text/plain\r\n\
Script-Control: X-record-mode=1\r\n\
\r\n", stdout);

    fprintf (stdout, "\n", line, status);

    exit (SS$_NORMAL);
}

/*****************************************************************************/