17 char *encpath = getenv("QUERY_STRING");
18 login_and_setup(); // will clear the environment
19 if (encpath == NULL) senderr("no query string received", NOTMYFAULT);
21 // OK, we're authenticated. Drop our fsuid to the user's.
22 // Yes, there's no error indication apart from this kludge. Sucks.
23 setfsuid(session.uid);
24 if (setfsuid(session.uid) != session.uid) senderr("setfsuid failed", MYFAULT);
26 // Do what the user wants us to do.
27 char path[strlen(encpath)/2+1];
28 unhex((unsigned char *)path, encpath, strlen(encpath));
29 path[strlen(encpath)/2] = 0;
32 snprintf(errstr, 128, "can't access that path: %s", strerror(errno));
33 senderr(errstr, NOTMYFAULT);
35 DIR *dir = opendir(".");
38 snprintf(errstr, 128, "can't open that path for reading: %s", strerror(errno));
39 senderr(errstr, NOTMYFAULT);
42 // The directory was opened successfully - send our success header.
43 puts("Status: 200 here's your listing");
44 puts("X-Frame-Options: DENY");
45 puts("Content-Type: text/plain;charset=utf8");
48 // send one line per file
50 char encfilename[NAME_MAX*2+1];
51 while ((dent = readdir(dir)) != NULL) {
52 size_t name_len = strlen(dent->d_name);
53 hex(encfilename, (unsigned char *)dent->d_name, name_len);
54 encfilename[name_len*2] = 0;
56 // if we can't really see the file anyway, skip it
57 if (lstat(dent->d_name, &st)) continue;
58 printf("%s %lu %u\n", encfilename, (unsigned long)st.st_size, (unsigned int)st.st_mode);