home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
OS/2 Shareware BBS: 35 Internet
/
35-Internet.zip
/
srev13h.zip
/
USERCFG.CMD
< prev
next >
Wrap
OS/2 REXX Batch file
|
1999-06-19
|
20KB
|
545 lines
/* */
usercfg:
CHECKIT=0 /* Change this to 0 if you want to enable REMOTE configuration by SUPERUSERS */
USECOLOR='2dd52f'
/* ---------------- DO NOT MODIFY BELOW THIS LINE ------------------ */
parse arg ddir, tempfile, sel,list,verb ,uri,user, ,
basedir ,workdir,privset,enmadd,transaction,verbose, ,
servername,host_nickname,homedir,aparam,semqueue,prog_file,reqnum
/* parse arg ddir,tempfile,sel,list,verb,uri,user,basedir,workdir,privset,enmadd,transaction,verbose */
if verb="" then do
say " This SRE-Http add-on is NOT meant to be run from the command line."
say " It can be invoked by using CONFIGUR.HTM "
exit
end /* Do */
crlf='0d0a'x
list=translate(list, ' ', '+'||'090a0d'x) /* Whitespace, etc. */
who2=extract('CLIENTADDR')
saddr2=extract('SERVERADDR')
NO_REM=VALUE('SREF_NO_REMOTE_CONFIG',,'OS2ENVIRONMENT')
select
when checkit=1 | no_rem>0 then do
/* only if user = serveraddress !!! */
if who2<>saddr2 | no_rem=2 then do
call lineout tempfile, '<!doctype html public "-//IETF//DTD HTML 3.0//EN">'
call lineout tempfile, "<html><head><title>SRE-HTTP remote configuartor disabled </title>"
call lineout tempfile, '</head><body bgcolor="#'||usecolor||'"> '
call lineout tempfile,' <strong> Action not allowed remotely.</strong> <pre>'
call lineout tempfile,' </body> </html> '
call lineout tempfile
foo=sref_gos('FILE ERASE TYPE text/html NAME' tempfile)
return 'USERCFG: action not allowed remotely. '
end
end
otherwise do
if wordpos('SUPERUSER',privset)=0 then do
'RESPONSE HTTP/1.1 401 Unauthorized ' /* Set HTTP response line */
att=sref_gmt()
'HEADER Noauto ADD Date: 'att
'header add WWW-Authenticate: Basic Realm=<CONFIGURE>' /* challenge */
call lineout tempfile, '<!doctype html public "-//IETF//DTD HTML 3.0//EN">'
call lineout tempfile, "<html><head><title>Not authorized </title>"
call lineout tempfile, '</head><body bgcolor="#'||usecolor||'"> '
call lineout tempfile,' <strong> You do not have configuration rights.</strong> <pre>'
if who2=saddr2 then
call lineout tempfile,'<br> <Em> You may want to edit USERCFG.CMD </em> '
call lineout tempfile,' </body> </html> '
call lineout tempfile
iia=dosdir(tempfile,'s')
'FILE ERASE TYPE text/html NAME' tempfile
return '401 'iia' USERCFG: not permitted to configure. '
end
end
end
list=strip(list)
select
when upper(list)='TODO=SHOW' | upper(list)='TODO=SHOW_HEADER' then
signal doshow
when upper(list)='TODO=SET' then
signal doset
when upper(list)='TODO=CURRENT' then
signal showcurrent
otherwise
signal dochange
end /* select */
/* jump here to show values */
doshow:
userfile=value(enmadd||'USER_FILE',,'os2environment')
aa=sref_fileread(userfile,'lins',,'E')
call lineout tempfile, '<!doctype html public "-//IETF//DTD HTML 3.0//EN">'
call lineout tempfile, "<html><head><title>SRE-Http: view users </title>"
call lineout tempfile, '</head><body bgcolor="#'||usecolor||'"> '
call lineout tempfile, "<h1> SRE-Http: view users </h1> <p>"
call lineout tempfile, "<h2> List of "header" comments </h2> <pre> <blockquote>"
/* show "header comments" */
iat=0
do until iat >= lins.0
iat=iat+1
if abbrev(strip(lins.iat),';') then do
foo=strip(lins.iat) ;foo=strip(foo,'l',';')
call lineout tempfile, foo
end /* Do */
else do
leave
end
end /* do -- iat is the first non header comment line */
call lineout tempfile, '</blockquote></pre> '
/* view descriptive header only? */
if upper(list)='TODO=SHOW_HEADER' then do
call lineout tempfile,' <hr> </body></html>'
call lineout tempfile
foo=sref_gos('file erase type text/html name ' tempfile)
return ' done '
end /* Do */
/* read in usernames, etc */
nusers=0
call lineout tempfile, ' <hr> <h2> List of users </h2> '
call lineout tempfile,'Notes: <ul> <li> Usernames/passwords are stored in: 'userfile
call lineout tempfile,' <li> <em>Comments are in italics </em> '
call lineout tempfile,' <li> A <strong>* </strong> in the username or password signifies that <em>any entry is a match </em>'
call lineout tempfile, ' <li> Entries with no <strong>host nickname</strong> apply to all requests</ul> <br>'
call lineout tempfile,' <table border=1> <th> Host Nickname </th>'
call lineout tempfile,' <th> Username </th>'
call lineout tempfile,' <th> Password </th>'
call lineout tempfile,' <th> Privileges list </th> <tr>'
do mm=iat to lins.0
if lins.mm=' ' then iterate
if abbrev(strip(lins.mm),';') | lins.mm=' ' then do
call lineout tempfile,'<td colspan=4> <code> </code> <em>' strip(strip(lins.mm),'l',';') '</em></td> <tr> '
end
else do
if pos('//',lins.mm)>0 then
parse var lins.mm hostname '//' username password privs
else do
hostname=' .. '
parse var lins.mm username password privs
end /* Do */
privs=strip(privs)
call lineout tempfile,'<td> <STRONG> 'hostname ' </STRONG></td>'
call lineout tempfile,'<td> <STRONG> 'username ' </STRONG></td>'
call lineout tempfile,'<td> <STRONG> ' password ' </STRONG></td>'
call lineout tempfile,'<td> <STRONG> ' privs ' </STRONG></td> <tr>'
end /* do */
end
call lineout tempfile,' </table>'
call lineout tempfile,' <hr> Thanks for checking </body></html>'
call lineout tempfile
foo=sref_gos('file erase type text/html name ' tempfile)
return ' done '
/* jump here if "show current" chosen */
showcurrent:
foo=wait_queue('USER')
call lineout tempfile, '<!doctype html public "-//IETF//DTD HTML 3.0//EN">'
call lineout tempfile, "<html><head><title>SRE-http: list of usernames </title>"
call lineout tempfile, '</head><body bgcolor="#'||usecolor||'">'
call lineout tempfile, '<h2>List of SRE-http Usernames/PWDS </h2>'
call lineout tempfile,' This complete list of Usernames & passwords includes entries in default and host specific copies '
call lineout tempfile,' of USERS.IN and ATTRIBS.CFG <hr width="30%">'
call lineout tempfile,'<table border=1>'
call lineout tempfile,'<tr><th> Host <th> Username & <br> Password <th> Privileges'
do forever
if foo='' then leave
parse var foo ah '//' a1 ',' a2 ','a3 (crlf) foo
a3a=''
do mm=1 to words(a3)
parse var a3 t3 a3 ; t3=strip(t3)
if abbrev(t3,'?')=1 then
a3a=a3a' <em>secretpriv</em> '
else
a3a=a3a' 't3
end /* do */
call lineout tempfile,'<tr><td> 'ah '<td> 'a1 '<br><tt>'a2 '</tt> <td> 'a3a
end
call lineout tempfile,'</table></body></html>'
call lineout tempfile
foo=sref_gos('file erase type text/html name ' tempfile)
return ' done '
/* jump here if "set values" chosen */
doset:
userfile=value(enmadd||'USER_FILE',,'os2environment')
aa=sref_fileread(userfile,'lins',,'E')
call lineout tempfile, '<!doctype html public "-//IETF//DTD HTML 3.0//EN">'
call lineout tempfile, "<html><head><title>SRE-Http: modify users list </title>"
call lineout tempfile, '</head><body bgcolor="#'||usecolor||'"> '
call lineout tempfile,'<!-- a button bar. --> 'crlf ,
'<a href="/configur.htm">Configurator</a>||' crlf ,
'<a href="/config2?todo=SET">Parameters</a>||' crlf ,
'<a href="/usercfg?todo=SET">Usernames</a>||' crlf ,
'<a href="/realmcfg?todo=SET">Define-Realms</a>||'||crlf ,
'<a href="/accescfg?todo=SET">Access-Controls||' crlf ,
'<a href="/aliascfg?todo=SET">Aliases</a>||' crlf ,
'<a href="/virtcfg?todo=SET">VirtualDir</a><p>'
/* ignore header stuff */
iat=0
do until iat >= lins.0
iat=iat+1
if abbrev(strip(lins.iat),';') | lins.iat=' ' then iterate
leave
end /* do -- iat is the first non header comment line */
call lineout tempfile, "<h1> SRE-Http: <A NAME="top">modify users list</A> </h1> <p>"
call lineout tempfile,' <blockquote> You can modify, remove, or add usernames, passwords, and privileges.'
call lineout tempfile,' <br><em> Questions? <A HREF="#notes">The notes might help.</A> </em> </blockquote> '
call lineout tempfile,' <h2> Modify or remove current users </h2>'
call lineout tempfile,'<FORM ACTION="/usercfg" METHOD="GET">'
call lineout tempfile,' <table border=1> <th> Host Nickname <br> (see <A HREF="#hosts">below</A> for a <br>listing of current hosts) </th>'
call lineout tempfile,' <th> Username <br> (set to blank to <br> delete the entry)</th>'
call lineout tempfile,' <th> Password </th>'
call lineout tempfile,' <th> Superuser and <br> INHOUSE privileges </th> '
call lineout tempfile,' <th> Space delimited list of <br> other privileges </th> <tr>'
nhidden=0 ; mm=0
do mm0=iat to lins.0
alin=translate(lins.mm0,' ','1a000d0a'x)
mm=mm+1
if abbrev(strip(alin),';')=1 | alin=' ' then do
nhidden=nhidden+1
hiddens.nhidden='<INPUT TYPE="HIDDEN" name="COMMENT.'||mm||'" value="'||alin||'" >'
iterate
end
/* non comment */
if pos('// ',alin)>0 then
parse var alin hostname '//' username password privs
else do
hostname=' '
parse var alin username password privs
end /* Do */
call lineout tempfile,'<td> <EM>Host nickname:</EM> <br> <INPUT TYPE="text" NAME="hostname.'||mm||'"'
call lineout tempfile,'value="'hostname'" SIZE=8 MAXLENGTH=15> </td> '
call lineout tempfile,'<td> <EM>Username:</EM> <br> <INPUT TYPE="text" NAME="username.'||mm||'"'
call lineout tempfile,'value="'username'" SIZE=8 MAXLENGTH=15> </td> '
call lineout tempfile,'<td> <EM>Password:</EM> <br> <INPUT TYPE="text" NAME="password.'||mm||'"'
call lineout tempfile,'value="'password'" SIZE=8 MAXLENGTH=15> </td> '
privs=strip(privs)
joe=wordpos('SUPERUSER',upper(privs))
issuper=0
if joe>0 then do
issuper=1 ; privs=delword(privs,joe,1)
end
inhouse=0
joe=wordpos('INHOUSE',upper(privs))
if joe>0 then do
inhouse=1 ; privs=delword(privs,joe,1)
end
call lineout tempfile,' <td> <INPUT TYPE=CHECKBOX NAME="SUPERUSER.'mm||'" '
if issuper=1 then do
call lineout tempfile,' CHECKED > SUPERUSER? <br> '
end
else
call lineout tempfile,' > SUPERUSER? <br> '
call lineout tempfile,' <INPUT TYPE=CHECKBOX NAME="INHOUSE.'mm||'" '
if inhouse=1 then do
call lineout tempfile,' CHECKED > INHOUSE ?</td> '
end
else
call lineout tempfile,' > INHOUSE?</td> '
if privs='' then privs=' '
call fix_privs
call lineout tempfile,'<td> <em>Other privileges: </em><br> <INPUT TYPE="text" NAME="privs.'||mm||'"'
call lineout tempfile,'value="'privs'" SIZE=10 MAXLENGTH=45>'
if privs_secret<>'' then call lineout tempfile,'<br><font size="-1">('||words(privs_secret)||' secret privs removed)'
call lineout tempfile,' </td> '
if mm0<lins.0 then do
call lineout tempfile,'<tr>' ; call lineout tempfile,' '
end
end
call lineout tempfile,' '
/* --- allow user to enter a few new names */
call lineout tempfile,' </table> <p> <h2> Add new users </h2> <table border=1>'
mm0=mm
do mm=mm0+1 to mm0+3
call lineout tempfile,'<td> <EM>Host nickname:</EM> <br> <INPUT TYPE="text" NAME="hostname.'||mm||'"'
call lineout tempfile,'value=" " SIZE=8 MAXLENGTH=15> </td> '
call lineout tempfile,'<td> <EM>Username:</EM> <br> <INPUT TYPE="text" NAME="username.'||mm||'"'
call lineout tempfile,'value=" " SIZE=8 MAXLENGTH=15> </td> '
call lineout tempfile,'<td> <EM>Password:</EM> <br> <INPUT TYPE="text" NAME="password.'||mm||'"'
call lineout tempfile,'value=" " SIZE=8 MAXLENGTH=15> </td> '
call lineout tempfile,' <td> <INPUT TYPE=CHECKBOX NAME="SUPERUSER.'mm||'"> SUPERUSER? <br> '
call lineout tempfile,' <INPUT TYPE=CHECKBOX NAME="INHOUSE.'mm||'"> INHOUSE? </td> '
call lineout tempfile,'<td> <em>Other privileges: </em><br> <INPUT TYPE="text" NAME="privs.'||mm||'"'
call lineout tempfile,'value=" " SIZE=10 MAXLENGTH=45> </td>'
if mm<mm0+3 then call lineout tempfile,' <tr> '
end
call lineout tempfile,'</table> <p>'
/* ----- add comments information */
do jj=1 to nhidden
call lineout tempfile,hiddens.jj
end /* do */
call lineout tempfile,' <input type="hidden" name="entries" value="'||mm||'">'
call lineout tempfile,' <input type="submit"> <input type="reset"> </form> '
call lineout tempfile,' <hr> <h3> <A NAME="notes">Notes</A> </h3> <ul> <li> Usernames/passwords are stored in: 'userfile
call lineout tempfile,' <li> To add more then 3 new names, just rerun this several times <br> or edit ' userfile
call lineout tempfile,' <li> Do you want to view a more complete description of '
call lineout tempfile,' <a href="/samples/users.doc"> User information</a>?'
call lineout tempfile,' <li>View the <a href="/usercfg?TODO=CURRENT"> current set of username/passwords </a>?'
call lineout tempfile,' <li> <em>Comments are NOT displayed </em> <li> Case is ignored '
call lineout tempfile,' <li> Use a <strong>* </strong> in the username or password to signify that <em>any entry is a match </em>'
call lineout tempfile, ' <li> Entries with no <strong>host nickname</strong> will apply to all requests</ul> <br>'
call lineout tempfile,' <h3> A list of the <A NAME="hosts">current hosts</A> </h3> <blockquote> '
ii=value(enmadd||'HOSTS.0',,'os2environment')
if ii>0 then do
call lineout tempfile,' <table> <th> IP address </th> <th> Host Nickname </th> <th> Data Directory </th> <tr> '
do ll=1 to ii
wow=value(enmadd||'HOSTS.'||ll,,'os2environment')
parse var wow ip ',' hn ',' hdir
call lineout tempfile,' <td> ' ip '</td> <td> ' hn ' </td> <td> ' hdir '</td> <tr> '
end /* do */
call lineout tempfile,' </table> </blockquote> '
end
else do
call lineout tempfile,' No HOSTS have been defined </blockquote>'
end
call lineout tempfile,' <p> <A HREF="#top">Return to the top of this form.</A>'
call lineout tempfile,'</body></html>'
call lineout tempfile
foo=sref_gos('file erase type text/html name ' tempfile)
return ' done '
/* ********************** jump here to recrod changes */
dochange:
parse upper var list foo 'ENTRIES=' nentries '&' .
do ii1=1 to nentries
fillme.ii1.0=0
end /* do */
do until list=""
parse var list aa '&' list
parse upper var aa avar '.' aind '=' aval
aval=packur(aval)
if abbrev(avar,'ENTRIES=')=1 then iterate
wow=fillme.aind.0+1
fillme.aind.0=wow
fillme.aind.wow.var=avar ; fillme.aind.wow.val=aval
select
when avar="COMMENT" then do
fillme.aind.type='COMMENT'
parse var aa foo '=' aval
fillme.aind.wow.val=packur(aval)
end
when avar="USERNAME" then fillme.aind.type='USERNAME'
otherwise nop
end
end /* do */
userfile=value(enmadd||'USER_FILE',,'os2environment')
aa=sref_fileread(userfile,'lins',,'E')
/* pull "header comments" */
iat=0
do until iat >= lins.0
iat=iat+1
if abbrev(strip(lins.iat),';') then do
newlines.iat=lins.iat
end /* Do */
else do
leave
end
end /* do -- iat is the first non header comment line */
iat=iat-1
do uu=1 to nentries
select
when fillme.uu.type='COMMENT' then do
iat=iat+1
newlines.iat=fillme.uu.1.val
end
when fillme.uu.type='USERNAME' then do
username=' ' ; password='*' ; hostname=' ' ; privs=' '
inhouse=' ' ; superuser=' '
do uu2=1 to fillme.uu.0
chk1=fillme.uu.uu2.var
vvv=fillme.uu.uu2.val
select
when chk1='USERNAME' then USERNAME=vvv
when chk1='PASSWORD' then password=vvv
when chk1='PRIVS' then privs=vvv
when chk1='HOSTNAME' then hostname=vvv
when chk1='SUPERUSER' then superuser='SUPERUSER'
when chk1='INHOUSE' then inhouse='INHOUSE'
otherwise nop
end
end
if username<>' ' then do
iat=iat+1
newlines.iat=''
if hostname<>' ' then
newlines.iat=hostname||'// '
newlines.iat=newlines.iat||username' ' password ' ' superuser ' ' inhouse ' ' privs
end
end
otherwise do
nop
end /* Do */
end /* select over type */
end /* do over entries */
/* save to userfile.. but rename access_file first */
foo=lastpos('.',userfile)
if foo=0 then
acf1=userfile||'.'
else
acf1=left(userfile,foo)
do hi=1 to 999
try1=acf1||hi
if stream(acf1||hi,'c','query exists')='' then leave
end /* do */
foo=dosrename(userfile,try1)
newlines.0=iat
foo=sref_filewrite(userfile,newlines,'R')
call lineout tempfile, '<!doctype html public "-//IETF//DTD HTML 3.0//EN">'
call lineout tempfile, "<html><head><titLE> SRE-Http: Changed list of Users</title>"
call lineout tempfile, '</head><body bgcolor="#'||usecolor||'"> '
call lineout tempfile,' <h2> The list of Users has been changed </h2>'
call lineout tempfile,' The list of Users has been saved to: ' userfile
call lineout tempfile,' <p> The old version of 'userfile' has been moved to ' try1
call lineout tempfile,'<p> <a href="/config2.htm">Return to Intermediate Mode Configurator</a>'
call lineout tempfile,' </body> </html> '
call lineout tempfile
foo=value('SREF_REDO',1,'os2environment')
foo=sref_gos('FILE ERASE TYPE text/html NAME' tempfile)
return 'done change '
return 'done change '
/****************************/
/* remove repeats, extract secret privileges.
This will modify privs, and create privs_secret */
fix_privs:
p1=''
secp1=''
privs=translate(translate(privs,' ',','||'0d0a0900'x))
do mm=1 to words(privs)
aw1=strip(word(privs,mm))
if abbrev(aw1,'?')=1 then do
aw1=substr(aw1,2)
if wordpos(aw1,secp1)=0 then secp1=secp1||aw1||' '
end
else do
if wordpos(aw1,p1)=0 then p1=p1||aw1||' '
end
end
privs=p1
privs_secret=secp1
return 1
/* ------------------------------------------------------ */
/* query and wait on helper thread */
/* ------------------------------------------------------*/
wait_queue:procedure expose enmadd transaction semqueue host_nickname
parse arg athread
again1t:
parse var semqueue mysem myqueue
basesem='\SEM32\'||enmadd
goober=enmadd||athread
a=rxqueue('s',goober)
queue transaction ' ' host_nickname ',' myqueue ',' mysem ', *LIST* '
a=eventsem_reset(mysem)
dothread=basesem||athread
a=eventsem_post(dothread)
again2t:
a=eventsem_wait(mysem,90000) /* max wait of 90 seconds */
if a<>0 then do
ss=sref_error(mytid','athread' A Fatal Semaphore failure: 'a,1)
'response HTTP/1.1 503 Service Unavailable'
String 'Web server is temporarily busy '
exit ' '
end
a=rxqueue('s',myqueue)
parse pull aline
PARSE VAR ALINE idnum ',' aline
idnum=strip(translate(idnum,' ','000d0a'x));TRANSACTION=STRIP(TRANSACTION)
if idnum<>transaction then do /*wierd error: got someone else's message! */
ss=sref_error(mytid','athread' A Semaphore failure: 'a,1)
'response HTTP/1.1 503 Service Unavailable'
String 'Web server is temporarily busy '
exit ' '
end
return aline