Carlos A. Garcia G. [samu...@loscabos.gob.mx] wrote: > > On 09/09/11 10:12, Chris Cappuccio wrote: > >somebody actually wrote their own open source replacement for the frontpage > >CGIs sometime, that might be worth a look. i'm sure you can find it > >searching around. > > > >or, you can replace mod_frontpage with suexec, a small wrapper that you get > >to compile, and mod_rewrite rules. you still have to use the nasty > >microsoft binaries in emulation mode, which means i386-only. i still have > >the mod_rewrite rule list and the CGI wrapper if you want. > sure i want them i would apreciate if u can send it tome thanks.
i haven't touched it in years, but it should still work fine if the microsoft binaries work under some kind of emulation, linux or freebsd maybe? certainly not bsdi emulation anymore. although this is slightly tricky to get working, it's a bit easier than mod_frontpage/fp_install.sh madness. it requires suexec and mod_rewrite. having said that, look for the "open source frontpage extensions" that are floating around, they can likely be compiled on any architecture. i never used them because i refused to support frontpage long ago, long before i knew of them. steps to figure out why frontpage extensions are hated: 1. unpack frontpage extensions in /var/www/usr/local/frontpage and ln -s /var/www/usr/local/frontpage /usr/local/frontpage for your own sanity 2. suexec user/group need to be the same as the file owner. chmod u+s /usr/sbin/suexec (httpd looks here even if it's chrooted) and /var/www/usr/sbin/suexec 3. frontpage wants to see a copy of httpd.conf with a virtualhost and a directory definition in it to determine things like directory, i keep them all separate so I do: cat /vhost/* >/usr/local/frontpage/httpd.conf 4. you still need to use the microsoft frontpage binary to initially "activate" frontpage crap in each virtualhost directory (that means spread random crap, files and directories, all over your virtualhost directory space!!!) /usr/local/frontpage/currentversion/bin/owsadm.exe -o install -u $username -p 80 -m $vhost -servconf /usr/local/frontpage/httpd.conf -xuser $fileowner echo smtphost:mail.blackfuck.gob.mx >>/usr/local/frontpage/$vhost:80.cnf 5. as i remember, bsdi frontpage expects a few things to be in the chroot: cp /etc/passwd /etc/group /etc/pwd.db /var/www/etc that was with bsdi emulation, which was compatible with openbsd pwd.db by virtue of bsd hertiage, db 1.85 and endurance of /etc/passwd format over time. with linux or some other binaries, who knows if 'pwd.db' will be readable by linux binaries, it's likely that linux frontpage doesn't look at pwd.db at all. they probably just want /etc/passwd there suexec/mod_rewrite rules for each VirtualHost: User blahfuck Group blahfuck RewriteEngine On RewriteRule ^(.*)/_vti_bin/shtml.dll(.*) $1/_vti_bin/shtml.exe$2 RewriteRule ^.*/_vti_bin/shtml.exe.* - [E=HTTP_FPEXE:/_vti_bin/shtml.exe,T=internal/fpexe,PT] RewriteRule ^.*/_vti_bin/fpcount.exe.* - [E=HTTP_FPEXE:/_vti_bin/fpcount.exe,T=internal/fpexe,PT] RewriteRule ^.*/_vti_bin/_vti_aut/author.exe.* - [E=HTTP_FPEXE:/_vti_bin/_vti_aut/author.exe,T=internal/fpexe,PT] RewriteRule ^.*/_vti_bin/_vti_adm/admin.exe.* - [E=HTTP_FPEXE:/_vti_bin/_vti_adm/admin.exe,T=internal/fpexe,PT] RewriteRule ^.*/_vti_bin/_vti_adm/fpadmcgi.exe.* - [E=HTTP_FPEXE:/_vti_bin/_vti_adm/fpadmcgi.exe,T=internal/fpexe,PT] Action internal/fpexe /_fpbin/fpexe RewriteRule ^.*/_vti_bin/_vti_adm/([a-z]*).gif /_fpimages/$1.gif [PT] Alias /_fpimages/ /usr/local/frontpage/currentversion/exes/_vti_bin/_vti_adm/images/ RewriteRule ^.*/_vti_bin/_vti_adm/help/([0-9]*)/[a-z]*/([0-9A-Za-z\.]*) /_fphelp/$1/$2 [PT] Alias /_fphelp/ /usr/local/frontpage/currentversion/help/ fpexe.c: (i have no idea who wrote this, but it works. if you are worried about this being an HTTP CGI attack vector, look carefully at memory allocation, pointer usage, strcmp and strcpy. i didn't. if you are worried about HTTP CGI attack vectors, don't run unsupported bug ridden microsoft CGIs at all. suexec/chroot/backups was enough for me.) #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <ctype.h> #include <time.h> #define FPDIR "/usr/local/frontpage/currentversion/exes" #define DOC_ROOT "/" #ifndef MAXPATHLEN #define MAXPATHLEN 1024 #endif #if (MAXPATHLEN < 1024) #undef MAXPATHLEN #define MAXPATHLEN 1024 #endif #define SHTML "/_vti_bin/shtml.exe" #define FPCOUNT "/_vti_bin/fpcount.exe" #define AUTHOR "/_vti_bin/_vti_aut/author.exe" #define ADMIN "/_vti_bin/_vti_adm/admin.exe" #define FPADM "/_vti_bin/_vti_adm/fpadmcgi.exe" void die(const char *msg) { #if 0 char timebuf[26]; time_t t = time(0); strcpy(timebuf, ctime(&t)); timebuf[24] = '\0'; #endif write(1, "Content-Type: text/plain\n\nFrontPage security violation.", 55); #if 0 write(2, timebuf, 24); #endif write(2, msg, strlen(msg)); exit(0); } void main(int argc, char **argv) { char szWork[MAXPATHLEN]; const char* szFpExe = getenv("HTTP_FPEXE"); const char* szFpFn = getenv("PATH_TRANSLATED"); char *tmp, *tmp2; char c; if(!getenv("REDIRECT_STATUS") || !szFpExe || !szFpFn) { die("FrontPage Error: direct violation"); } tmp = strstr(tmp2=getenv("PATH_INFO"), szFpExe)+strlen(szFpExe); memmove(tmp2, tmp, strlen(tmp)+1); tmp = malloc(strlen(tmp2)+6); strcpy(tmp, DOC_ROOT); strcpy(tmp+5, tmp2); setenv("PATH_TRANSLATED", tmp ,1); tmp=getenv("REQUEST_URI"); tmp2=strstr(tmp, szFpExe); tmp2+=strlen(szFpExe); c=*tmp2; *tmp2=0; setenv("SCRIPT_NAME", tmp ,1); *tmp2=c; tmp = malloc((strlen(tmp2=getenv("SCRIPT_NAME")))+6); strcpy(tmp, DOC_ROOT); strcpy(tmp+5, tmp2); setenv("SCRIPT_FILENAME", tmp ,1); unsetenv("REDIRECT_STATUS"); unsetenv("REDIRECT_URL"); if (strcmp(szFpExe, SHTML) != 0 && strcmp(szFpExe, FPCOUNT) != 0 && strcmp(szFpExe, AUTHOR) != 0 && strcmp(szFpExe, FPADM) != 0 && strcmp(szFpExe, ADMIN) != 0) /* * User recovery: Make sure fpexe is only invoked to run FrontPage * server extension programs. */ die("FrontPage Error: target program violation"); tmp = strstr(szFpFn, strrchr(szFpExe, '/')); if(tmp) { *tmp=0; if(chdir(szFpFn)==-1) die("FrontPage Error: chdir failed"); *tmp='/'; } strcpy(szWork, FPDIR); strcat(szWork, szFpExe); argv[0] = szWork; umask(022); execv(argv[0], argv); /* * We should never get here. Exit with error. */ die("FrontPage Error: execv failed"); exit(1); }