Carlos A. Garcia G. [samu...@loscabos.gob.mx] wrote:
> 
> On 09/09/11 10:12, Chris Cappuccio wrote:
> >somebody actually wrote their own open source replacement for the frontpage 
> >CGIs sometime, that might be worth a look. i'm sure you can find it 
> >searching around.
> >
> >or, you can replace mod_frontpage with suexec, a small wrapper that you get 
> >to compile, and mod_rewrite rules.  you still have to use the nasty 
> >microsoft binaries in emulation mode, which means i386-only.  i still have 
> >the mod_rewrite rule list and the CGI wrapper if you want.
> sure i want them, i would appreciate it if u can send them to me, thanks.

i haven't touched it in years, but it should still work fine if the microsoft 
binaries work under some kind of emulation, linux or freebsd maybe?  certainly 
not bsdi emulation anymore.

although this is slightly tricky to get working, it's a bit easier than 
mod_frontpage/fp_install.sh madness.  it requires suexec and mod_rewrite.  
having said that, look for the "open source frontpage extensions" that are 
floating around, they can likely be compiled on any architecture.  i never used 
them because i refused to support frontpage long ago, long before i knew of 
them.


steps to figure out why frontpage extensions are hated:

1. unpack frontpage extensions in /var/www/usr/local/frontpage and ln -s 
/var/www/usr/local/frontpage /usr/local/frontpage for your own sanity

2. suexec user/group need to be the same as the file owner.  chmod u+s 
/usr/sbin/suexec (httpd looks here even if it's chrooted) and 
/var/www/usr/sbin/suexec

3. frontpage wants to see a copy of httpd.conf with a virtualhost and a 
directory definition in it to determine things like directory.  i keep them all 
separate, so I do: cat /vhost/* >/usr/local/frontpage/httpd.conf

4. you still need to use the microsoft frontpage binary to initially "activate" 
frontpage crap in each virtualhost directory (that means spread random crap, 
files and directories, all over your virtualhost directory space!!!)

/usr/local/frontpage/currentversion/bin/owsadm.exe -o install -u $username -p 
80 -m $vhost -servconf /usr/local/frontpage/httpd.conf -xuser $fileowner

echo smtphost:mail.blackfuck.gob.mx >>/usr/local/frontpage/$vhost:80.cnf

5. as i remember, bsdi frontpage expects a few things to be in the chroot: cp 
/etc/passwd /etc/group /etc/pwd.db /var/www/etc

that was with bsdi emulation, which was compatible with openbsd pwd.db by 
virtue of bsd heritage, db 1.85 and endurance of /etc/passwd format over time.  
with linux or some other binaries, who knows if 'pwd.db' will be readable by 
linux binaries, it's likely that linux frontpage doesn't look at pwd.db at all. 
 they probably just want /etc/passwd there


suexec/mod_rewrite rules for each VirtualHost:

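    # suexec identity for this virtual host (step 2 above: it has to be the
    # same user/group that owns the site's files).
    User blahfuck
    Group blahfuck
    RewriteEngine On
    # Requests for shtml.dll are rewritten to shtml.exe so the rule below
    # picks them up.
    RewriteRule ^(.*)/_vti_bin/shtml.dll(.*)        $1/_vti_bin/shtml.exe$2
    # Each rule below names one extension program in HTTP_FPEXE and routes
    # the request to the internal/fpexe handler.  fpexe.c compares
    # HTTP_FPEXE against the same five paths before it execs anything, so
    # the two lists have to be kept in step.
    # Every directive must sit on a single line; the mail archive had
    # wrapped the flag lists and Alias targets onto lines of their own.
    # Note: the dots in these patterns are unescaped and match any character.
    RewriteRule ^.*/_vti_bin/shtml.exe.*    -       [E=HTTP_FPEXE:/_vti_bin/shtml.exe,T=internal/fpexe,PT]
    RewriteRule ^.*/_vti_bin/fpcount.exe.*  -       [E=HTTP_FPEXE:/_vti_bin/fpcount.exe,T=internal/fpexe,PT]
    RewriteRule ^.*/_vti_bin/_vti_aut/author.exe.*  -       [E=HTTP_FPEXE:/_vti_bin/_vti_aut/author.exe,T=internal/fpexe,PT]
    RewriteRule ^.*/_vti_bin/_vti_adm/admin.exe.*   -       [E=HTTP_FPEXE:/_vti_bin/_vti_adm/admin.exe,T=internal/fpexe,PT]
    RewriteRule ^.*/_vti_bin/_vti_adm/fpadmcgi.exe.*   -       [E=HTTP_FPEXE:/_vti_bin/_vti_adm/fpadmcgi.exe,T=internal/fpexe,PT]
    # The handler is the compiled fpexe wrapper, reached as /_fpbin/fpexe.
    Action internal/fpexe /_fpbin/fpexe
    # Static images and help files are served straight from the FrontPage
    # install tree instead of going through the wrapper.
    RewriteRule ^.*/_vti_bin/_vti_adm/([a-z]*).gif  /_fpimages/$1.gif [PT]
    Alias /_fpimages/ /usr/local/frontpage/currentversion/exes/_vti_bin/_vti_adm/images/
    RewriteRule ^.*/_vti_bin/_vti_adm/help/([0-9]*)/[a-z]*/([0-9A-Za-z\.]*) /_fphelp/$1/$2 [PT]
    Alias /_fphelp/   /usr/local/frontpage/currentversion/help/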


fpexe.c:

(i have no idea who wrote this, but it works.  if you are worried about this 
being an HTTP CGI attack vector, look carefully at memory allocation, pointer 
usage, strcmp and strcpy. i didn't. if you are worried about HTTP CGI attack 
vectors, don't run unsupported bug ridden microsoft CGIs at all. 
suexec/chroot/backups was enough for me.)

#include <sys/types.h>
#include <sys/stat.h>

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/*
 * FPDIR is the directory prefix main() puts in front of the requested
 * program name to build the path it execs.
 * DOC_ROOT is the prefix main() puts in front of the values it exports as
 * PATH_TRANSLATED and SCRIPT_FILENAME.
 */
#define FPDIR "/usr/local/frontpage/currentversion/exes"
#define DOC_ROOT "/"

/*
 * MAXPATHLEN sizes the buffer that holds the exec path.  Make sure it is
 * defined and never smaller than 1024.
 */
#ifndef MAXPATHLEN
#define MAXPATHLEN 1024
#endif
#if (MAXPATHLEN < 1024)
#undef MAXPATHLEN
#define MAXPATHLEN 1024
#endif

/*
 * The only values of HTTP_FPEXE that main() accepts.  Each one is appended
 * to FPDIR to form the program to run, so this list is the complete set of
 * binaries the wrapper will exec.
 */
#define SHTML    "/_vti_bin/shtml.exe"
#define FPCOUNT  "/_vti_bin/fpcount.exe"
#define AUTHOR   "/_vti_bin/_vti_aut/author.exe" 
#define ADMIN    "/_vti_bin/_vti_adm/admin.exe" 
#define FPADM    "/_vti_bin/_vti_adm/fpadmcgi.exe"

/*
 * Refuse the request and terminate the process.
 *
 * A fixed plain-text CGI response goes to stdout, so the client never sees
 * the detailed reason; msg goes to stderr only.  msg is written as given,
 * without a trailing newline or timestamp.  The process exits with status 0
 * even though the request was refused.
 */
void
die(const char *msg)
{
    static const char reply[] =
        "Content-Type: text/plain\n\nFrontPage security violation.";

    /* sizeof counts the terminating NUL, which must not be sent. */
    write(STDOUT_FILENO, reply, sizeof reply - 1);
    write(STDERR_FILENO, msg, strlen(msg));
    exit(0);
}

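/*
 * Return the compiled-in program name equal to name, or NULL if name is not
 * one of the five FrontPage extension programs.
 */
static const char *
fp_allowed_target(const char *name)
{
    static const char *const allowed[] = {
        SHTML, FPCOUNT, AUTHOR, FPADM, ADMIN
    };
    size_t i;

    for (i = 0; i < sizeof allowed / sizeof allowed[0]; i++) {
        if (strcmp(name, allowed[i]) == 0)
            return allowed[i];
    }
    return NULL;
}

/* Return a newly allocated "prefix" + "suffix"; die() if memory runs out. */
static char *
fp_concat(const char *prefix, const char *suffix)
{
    size_t plen = strlen(prefix);
    size_t slen = strlen(suffix);
    char *out = malloc(plen + slen + 1);

    if (out == NULL)
        die("FrontPage Error: out of memory");
    memcpy(out, prefix, plen);
    memcpy(out + plen, suffix, slen + 1);
    return out;
}

/* Set an environment variable for the child; die() if that fails. */
static void
fp_setenv(const char *name, const char *value)
{
    if (setenv(name, value, 1) != 0)
        die("FrontPage Error: setenv failed");
}

/*
 * CGI wrapper that runs one FrontPage server extension program.
 *
 * Reads HTTP_FPEXE, PATH_TRANSLATED, PATH_INFO and REQUEST_URI from the
 * environment, rewrites PATH_INFO, PATH_TRANSLATED, SCRIPT_NAME and
 * SCRIPT_FILENAME for the child, removes REDIRECT_STATUS and REDIRECT_URL,
 * changes into the directory taken from the original PATH_TRANSLATED, and
 * execs FPDIR + HTTP_FPEXE with the caller's argument vector.
 *
 * Every refusal goes through die().  Returns 1 only if execv() fails and
 * die() returns, which it is not expected to do.
 */
int
main(int argc, char **argv)
{
    char szWork[MAXPATHLEN];
    char *own_argv[2];
    const char *szFpExe;
    const char *env;
    char *szFpFn;
    char *hit;
    char *tail;
    char *script;
    char *value;
    size_t n;
    int len;

    env = getenv("HTTP_FPEXE");
    if (!getenv("REDIRECT_STATUS") || !env || !getenv("PATH_TRANSLATED")) {
        die("FrontPage Error: direct violation");
    }

    /*
     * User recovery:  Make sure fpexe is only invoked to run FrontPage
     * server extension programs.
     *
     * HTTP_FPEXE is request-derived data and is treated as untrusted.  The
     * check runs before the value is used for anything, and from here on
     * only the matching compiled-in constant is used, so later setenv()
     * calls cannot invalidate the string being worked with.
     */
    szFpExe = fp_allowed_target(env);
    if (szFpExe == NULL) {
        die("FrontPage Error: target program violation");
    }

    /*
     * Private copy of the server-supplied PATH_TRANSLATED: the variable is
     * replaced below and the copy is cut short in place for chdir().
     */
    szFpFn = fp_concat(getenv("PATH_TRANSLATED"), "");

    /* PATH_INFO keeps only what follows the program name. */
    env = getenv("PATH_INFO");
    hit = env ? strstr(env, szFpExe) : NULL;
    if (hit == NULL) {
        die("FrontPage Error: malformed PATH_INFO");
    }
    tail = fp_concat(hit + strlen(szFpExe), "");
    fp_setenv("PATH_INFO", tail);

    /*
     * The prefix length comes from DOC_ROOT itself.  Copying the tail to a
     * fixed offset would leave a gap after a shorter DOC_ROOT and overrun
     * the buffer with a longer one.
     */
    value = fp_concat(DOC_ROOT, tail);
    fp_setenv("PATH_TRANSLATED", value);
    free(value);
    free(tail);

    /* SCRIPT_NAME is REQUEST_URI up to and including the program name. */
    env = getenv("REQUEST_URI");
    hit = env ? strstr(env, szFpExe) : NULL;
    if (hit == NULL) {
        die("FrontPage Error: malformed REQUEST_URI");
    }
    n = (size_t)(hit - env) + strlen(szFpExe);
    script = malloc(n + 1);
    if (script == NULL) {
        die("FrontPage Error: out of memory");
    }
    memcpy(script, env, n);
    script[n] = '\0';
    fp_setenv("SCRIPT_NAME", script);

    value = fp_concat(DOC_ROOT, script);
    fp_setenv("SCRIPT_FILENAME", value);
    free(value);
    free(script);

    unsetenv("REDIRECT_STATUS");
    unsetenv("REDIRECT_URL");

    /*
     * Change into the directory part of the original PATH_TRANSLATED, i.e.
     * everything before the first "/<program>" in it.  No chdir happens if
     * the program name does not occur there.
     */
    hit = strstr(szFpFn, strrchr(szFpExe, '/'));
    if (hit != NULL) {
        *hit = '\0';
        if (chdir(szFpFn) == -1) {
            die("FrontPage Error: chdir failed");
        }
    }
    free(szFpFn);

    len = snprintf(szWork, sizeof szWork, "%s%s", FPDIR, szFpExe);
    if (len < 0 || (size_t)len >= sizeof szWork) {
        die("FrontPage Error: program path too long");
    }

    /*
     * With an empty argument vector argv[0] is the terminating NULL, so
     * build a vector of our own instead of overwriting that slot.
     */
    if (argc < 1 || argv == NULL) {
        own_argv[0] = szWork;
        own_argv[1] = NULL;
        argv = own_argv;
    } else {
        argv[0] = szWork;
    }

    umask(022);
    execv(argv[0], argv);

    /*
     * We should never get here.  Exit with error.
     */
    die("FrontPage Error: execv failed");
    return 1;
}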
