version one

[cwebfiles.git] / listdir.c

#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include "cwebfiles.h"
#include <sys/types.h>
#include <dirent.h>
#include <unistd.h>
#include <sys/fsuid.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>
#include <sys/stat.h>

int main() {
  FASTOUTPUT
  
  char *encpath = getenv("QUERY_STRING");
  login_and_setup(); // will clear the environment
  if (encpath == NULL) senderr("no query string received", NOTMYFAULT);
  
  // OK, we're authenticated. Drop our fsuid to the user's.
  // Yes, there's no error indication apart from this kludge. Sucks.
  setfsuid(session.uid);
  if (setfsuid(session.uid) != session.uid) senderr("setfsuid failed", MYFAULT);
  
  // Do what the user wants us to do.
  char path[strlen(encpath)/2+1];
  unhex((unsigned char *)path, encpath, strlen(encpath));
  path[strlen(encpath)/2] = 0;
  if (chdir(path)) {
    char errstr[128];
    snprintf(errstr, 128, "can't access that path: %s", strerror(errno));
    senderr(errstr, NOTMYFAULT);
  }
  DIR *dir = opendir(".");
  if (dir == NULL) {
    char errstr[128];
    snprintf(errstr, 128, "can't open that path for reading: %s", strerror(errno));
    senderr(errstr, NOTMYFAULT);
  }
  
  // The directory was opened successfully - send our success header.
  puts("Status: 200 here's your listing");
  puts("X-Frame-Options: DENY");
  puts("Content-Type: text/plain;charset=utf8");
  puts("");
  
  // send one line per file
  struct dirent *dent;
  char encfilename[NAME_MAX*2+1];
  while ((dent = readdir(dir)) != NULL) {
    size_t name_len = strlen(dent->d_name);
    hex(encfilename, (unsigned char *)dent->d_name, name_len);
    encfilename[name_len*2] = 0;
    struct stat st;
    // if we can't really see the file anyway, skip it
    if (lstat(dent->d_name, &st)) continue;
    printf("%s %lu %u\n", encfilename, (unsigned long)st.st_size, (unsigned int)st.st_mode);
  }
}