Apparently, CGI mode is hard to figure out. Added an example showing how to

use it.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@173 0da03de8-d603-11dd-86c2-0f8696b7b6f9
This commit is contained in:
zodiac 2009-08-17 17:14:32 +00:00
parent 15e91a32f7
commit dfe41ce244
5 changed files with 47 additions and 1 deletions

View file

@ -36,6 +36,7 @@ EXTRA_DIST = demo/beep.wav \
shellinabox/shellinaboxd.man.in \ shellinabox/shellinaboxd.man.in \
shellinabox/shell_in_a_box.js \ shellinabox/shell_in_a_box.js \
shellinabox/vt100.js \ shellinabox/vt100.js \
shellinabox/cgi-mode-example.sh \
debian/README \ debian/README \
debian/README.available \ debian/README.available \
debian/README.enabled \ debian/README.enabled \

View file

@ -276,6 +276,7 @@ EXTRA_DIST = demo/beep.wav \
shellinabox/shellinaboxd.man.in \ shellinabox/shellinaboxd.man.in \
shellinabox/shell_in_a_box.js \ shellinabox/shell_in_a_box.js \
shellinabox/vt100.js \ shellinabox/vt100.js \
shellinabox/cgi-mode-example.sh \
debian/README \ debian/README \
debian/README.available \ debian/README.available \
debian/README.enabled \ debian/README.enabled \

1
debian/docs vendored
View file

@ -5,3 +5,4 @@ INSTALL
NEWS NEWS
README README
TODO TODO
shellinabox/cgi-mode-example.sh

43
shellinabox/cgi-mode-example.sh Executable file
View file

@ -0,0 +1,43 @@
#!/bin/bash
# This is a simple demo CGI script that illustrates how to use ShellInABox in
# CGI mode.
case "${REQUEST_METHOD}" in
POST)
# Retrieve CGI parameter, then start shellinabox with this command
read parms
parms="$(printf "$(echo "${parms}"|sed -e 's/%\(..\)/\\x\1/g;s/%/%%/g')")"
parms="${parms#cmd=}"
shellinaboxd --cgi -t -s "/:$(id -u):$(id -g):HOME:${parms}"
;;
*) # First time that the CGI script was called. Show initial HTML page.
printf 'Content-Type: text/html\r\n\r\n'
cat <<EOF
<html>
<head>
<title>Demo CGI for ShellInABox</title>
</head>
<body>
<h1>Shell In A Box</h1>
<p>This is a demo CGI script for ShellInABox. It shows how to execute
ShellInABox in one-shot CGI mode.</p>
<p>Please note that we do not implement any access controls. So, this
script is unsafe to use on any untrusted network. It allows anybody
on the Internet to run arbitrary commands on your computer!</p>
<p>Use this as a template to write your own custom application -- and
don't forget to add appropriate access controls.</p>
<p>Enter command to run:
<form method="POST">
<input type="text" name="cmd" style="width: 40em" value="/bin/bash" />
</form>
</p>
</body>
EOF
;;
esac

View file

@ -1220,7 +1220,7 @@ int main(int argc, char * const argv[]) {
printf("X-ShellInABox-Port: %d\r\n" printf("X-ShellInABox-Port: %d\r\n"
"X-ShellInABox-Pid: %d\r\n" "X-ShellInABox-Pid: %d\r\n"
"Content-type: text/html; charset=utf-8\r\n\r\n", "Content-type: text/html; charset=utf-8\r\n\r\n",
port, pid); port, getpid());
printfUnchecked(cgiRoot, port, cgiSessionKey); printfUnchecked(cgiRoot, port, cgiSessionKey);
fflush(stdout); fflush(stdout);
free(cgiRoot); free(cgiRoot);