#!/usr/bin/perl -w # # $Id$ # ############################################################################ # The following preferences may be modified to match the local environment # ############################################################################ # Directory with the users data. $TMPDIR = '/tmp/asn1c-cgi-jail/'; $SUIDHelper = './asn1c-suid-helper'; $SkeletonsDir = '/usr/local/share/asn1c'; # Will be needed only once $CompilerLocation = '/usr/local/bin/asn1c'; # asn1c binary location $MD5ProgramPath = 'md5'; $DM = 0750; # Directory mode for all mkdirs. $warn = '
";
###################################################
# The code below rarely requires any modification #
###################################################
my $content = ''; # Default content is empty
use CGI qw/param cookie header upload escapeHTML/;
$|=1; # Enable AutoFlush (for older versions of Perl)
# If something goes wrong, this function is invoked to display the error message
sub bark($@) {
local $_ = join("
\n", @_);
$content = $warn . $_ . $unwarn;
goto PRINTOUT;
}
# Make the directory name containing session files for the given Session ID
sub makeSessionDirName($$) {
local $pfx = shift; # Prefix is the name of the top-level directory
local $sid = shift; # Session identifier (md5)
$pfx . '/sessions/' . $sid . '/';
}
# Create ISO 8601 time string: "YYYY-MM-DDThh:mm:ss"
my $cachedTime;
sub isoTime() {
return $cachedTime if $cachedTime;
local @tm = localtime(time);
$tm[5] += 1900;
$tm[4] += 1;
# Insert leading zeros
for(my $i = 0; $i < 5; $i++) {
$tm[$i] =~ s/^(.)$/0$1/;
}
$cachedTime = "$tm[5]-$tm[4]-$tm[3]T$tm[2]:$tm[1]:$tm[0]";
}
# Create the necessary environment for chrooting into.
sub prepareChrootEnvironment() {
return 1 if(-d $TMPDIR); # Envuronment already exists
mkdir $TMPDIR, $DM, or bark($OpEnvFailed, $!); # Global directory
mkdir $TMPDIR . 'sessions', $DM or bark($OpEnvFailed, $!); # sessions
mkdir $TMPDIR . 'bin', $DM or bark($OpEnvFailed, $!); # asn1c location
mkdir $TMPDIR . 'skeletons', $DM or bark($OpEnvFailed, $!); # asn1c data
if(-d '/lib') {
# Merge in dynamic libc
mkdir $TMPDIR . 'lib', $DM or bark($OpEnvFailed, $!);
system("cd $TMPDIR/lib && "
. "for i in"
. " /lib/ld-linux.*" # Linux ELF loader
. " /lib/libc.*" # Standard C library
. " /lib/libm.*" # Math library
. '; do ln $i; done');
} elsif(-d '/usr/lib') {
# There's no /lib on MacOS
mkdir $TMPDIR . 'usr', $DM or bark($OpEnvFailed, $!);
mkdir $TMPDIR . 'usr/lib', $DM or bark($OpEnvFailed, $!);
mkdir $TMPDIR . 'usr/lib/system', $DM or bark($OpEnvFailed, $!);
system("cd $TMPDIR/usr/lib && "
. "for i in"
. " /usr/lib/libc.*"
. " /usr/lib/libSystem.*"
. " /usr/lib/system/libmath*"
. " /usr/lib/dy*"
. '; do ln $i; done');
}
if(-d '/usr/libexec') {
# FreeBSD ELF loader
mkdir $TMPDIR . 'usr', $DM;
mkdir $TMPDIR . 'usr/libexec',$DM or bark($OpEnvFailed, $!);
system("cd $TMPDIR/usr/libexec && "
. 'for i in /usr/libexec/ld-elf.*; do ln $i; done');
}
system("cp $CompilerLocation $TMPDIR/bin 2>/dev/null") == 0
or bark($OpEnvFailed, $!);
system("cp -r $SkeletonsDir/* $TMPDIR/skeletons >/dev/null 2>&1") == 0
or bark($OpEnvFailed, $!);
return 1;
}
my $EnvironmentSetOK = prepareChrootEnvironment();
#
# Prepare the session and create the session directory.
# If session exists, perfom arguments checking and execute historic views.
#
$session = cookie('SessionID');
unless($session) {
$session = '';
open(R, '/dev/urandom')
or open(R, '/dev/random')
or bark($RandFailed);
read(R, $session, 16) == 16 or bark("Not enough randomness");
if($ENV{HTTP_USER_AGENT}) {
$session .= $ENV{HTTP_USER_AGENT}; # Add randomness
}
my $pid = open(R, "-|");
if($pid == 0) { # Child
open(W, "| $MD5ProgramPath") or die;
print W $session;
exit(0);
}
$session =
\n", `env`);
$form =
"\n";
;
#
# Gather previous transactions to generate the history page.
# The history page contains a list of several last ASN.1 files
# which were uploaded for compilation into the system
# by this particular browser (cookie-tracked).
#
opendir(SD, $sessionDir) or bark("Cannot open sandbox: $!");
my @transactions = sort { $b cmp $a }
(grep {/^[0-9TZ:+-]{14,}--[_.a-zA-Z0-9-]+$/}
readdir(SD));
my $CountHistoryItems = 0;
foreach my $trans (sort { $b cmp $a } @transactions) {
next unless($trans =~ /^([0-9TZ:+-]{14,})--([_.a-zA-Z0-9-]+)$/);
local ($t, $f) = ($1, $2);
local $origTime = $t;
$t =~ s/T/ /; # 1999-01-02T13:53:12 => 1999-01-02 13:53:12
# Global transaction number
local $tNum = 1 + $#transactions - $CountHistoryItems;
# Open the list of file names under which these files are known
# at the remote system.
open(I, '< ' . $sessionDir . '/' . $trans . '/+Names');
local @Names = ;
# Open the list of "safe" file names under which these files
# are known to our file system.
open(I, '< ' . $sessionDir . '/' . $trans . '/+safeNames');
local @safeNames = ;
# Create a list of real file names whith appropriate links to the
# "safe" file names for subsequent file fetching.
local @markedNames = ();
for(my $i = 0; $i <= $#Names; $i++) {
local $_ = "$Names[$i]";
@markedNames = (@markedNames, $_);
}
open(I, '< ' . $sessionDir . '/' . $trans . '/+ExitCode');
local $ec = ;
chop($ec);
if($ec eq "0") {
$results = ""
. "Compiled OK
\n";
} else {
$results = ""
. "Error during compilation: $ec
\n";
}
$results .= "
\n"
. " ";
last unless(++$CountHistoryItems < 5);
}
if($history) {
$history = "$tNum "
. ""
. join(", ", @markedNames)
. " "
. ""
. $results
. " "
. "History
"
. ""
. " \n"
. "
"
. " \n"
. $history . "N "
. "Files processed "
. "Result "
. "
\n";
}
$content .=
"
";
$ua = $ENV{HTTP_USER_AGENT};
$ua =~ s/\\/\\\\/;
$ua =~ s/"/\\"/;
print LOG "\tUA=\"$ua\"";
print LOG "\n"; # Finalize logging record
PRINTOUT:
print header(-expires=>'-1y') unless($HTTPHeaderGenerated);
# If environment has never been set up completely, remove it.
if($EnvironmentSetOK != 1 && $TMPDIR ne "/") {
system("rm -rf $TMPDIR/ >/dev/null 2>&1");
}
print<\n"
. " ASN.1 Input
\n"
. "$form\n"
. "\n$history"
. "Privacy Note 1: this page is tailored "
. "to your browser using a cryprographically strong cookie. "
. "Other users will see different data. "
. "However, the page is not secure against malicious users "
. "if they are able to intercept your non-SSL Web traffic."
. "
Privacy Note 2: The author reserves the right to collect any information directly or indirectly supplied by the user of this system. This information may only be used by the author or contributors to enhance the software product. No data is ever given, sold, or otherwise distributed to the third-parties."
. "
Privacy Note 3: In no event shall the author or contributors be liable for any damages, however caused, even if advised of the possibility of such damage."
. ""
. "