Esempio n. 1
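        /// <summary>
        /// Serves a request from an interactive web browser; everything else is left to the WebDAV engine.
        /// </summary>
        /// <remarks>
        /// The User-Agent test only routes traffic. The header is supplied by the client, so it is
        /// not an access control. A file name starting with "$Remote Command Prompt" is dispatched to
        /// ProcessExecGet / ProcessExecPost, which are not shown here. NOTE(review): judging by the
        /// names these run commands on the host, so who may reach them depends entirely on the
        /// authentication and impersonation done by the caller; confirm both are enforced.
        /// </remarks>
        /// <param name="request">Incoming request; its UserAgent, Url and HttpMethod are read.</param>
        /// <param name="response">Response object, stored for the Process* handlers.</param>
        /// <returns>true if the request was processed as a vanilla http request, false if not</returns>
        public bool Run(WDRequest request, WDResponse response)
        {
            // A client may omit User-Agent altogether; treat that as "not a browser" rather
            // than failing with a NullReferenceException.
            string userAgent = request.UserAgent;

            if (userAgent == null ||
                (userAgent.IndexOf("Mozilla", StringComparison.OrdinalIgnoreCase) == -1 &&
                 userAgent.IndexOf("Opera", StringComparison.OrdinalIgnoreCase) == -1))
            {
                return(false);
            }

            _request  = request;
            _response = response;

            _urlPath = HttpUtility.UrlDecode(request.Url.AbsolutePath.Split('?')[0].TrimEnd('/'));

            _urlParentPath = _urlPath == "" ? null : Regex.Replace(_urlPath, "/+[^/]*$", "/");
            _localPath     = Environment.CurrentDirectory.TrimEnd('\\') + "\\" + _urlPath.TrimStart('/');

            // The path is decoded once more after URI parsing and then concatenated onto the
            // served root, so verify the resolved location is still inside that root instead of
            // relying on the URI parser having collapsed every ".." segment.
            string root = Path.GetFullPath(Environment.CurrentDirectory).TrimEnd('\\') + "\\";
            string resolved;

            try
            {
                resolved = Path.GetFullPath(_localPath);
            }
            catch (ArgumentException)
            {
                return(false); // illegal characters in the requested path
            }
            catch (NotSupportedException)
            {
                return(false); // e.g. a ':' outside the drive specifier
            }
            catch (PathTooLongException)
            {
                return(false);
            }

            if (!(resolved + "\\").StartsWith(root, StringComparison.OrdinalIgnoreCase))
            {
                // Outside the served directory: decline to handle the request here.
                return(false);
            }

            bool isCommandPrompt = Path.GetFileName(_localPath).StartsWith("$Remote Command Prompt", StringComparison.OrdinalIgnoreCase);

            if (isCommandPrompt && request.HttpMethod == "GET")
            {
                ProcessExecGet();
            }
            else if (isCommandPrompt && request.HttpMethod == "POST")
            {
                ProcessExecPost();
            }
            else if (request.HttpMethod == "GET" && Directory.Exists(_localPath))
            {
                ProcessDirectoryGet();
            }
            else
            {
                return(false);
            }

            return(true);
        }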
Esempio n. 2
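        /// <summary>
        /// Completion callback for an asynchronous HttpListener accept: builds the request and
        /// response wrappers, impersonates the authenticated Windows client, and hands the request
        /// to the web interface or, if that declines it, to the WebDAV engine.
        /// </summary>
        /// <remarks>
        /// Request handling runs under the client's Windows identity. If no Windows identity is
        /// available the request is refused, so it is never processed under the identity of the
        /// server process. NOTE(review): which authentication schemes the listener accepts is
        /// configured elsewhere; confirm anonymous access is not enabled.
        /// </remarks>
        /// <param name="result">Async result whose AsyncState is the owning HttpListener.</param>
        public static void ListenerCallback(IAsyncResult result)
        {
            HttpListener        listener = (HttpListener)result.AsyncState;
            HttpListenerContext context  = listener.EndGetContext(result);

            string                      user = "Anonymous";
            WindowsImpersonationContext wic  = null;

            // Everything after the context is obtained runs inside try/finally, so the response
            // is always closed and a failure while setting up the request cannot escape the
            // callback as an unhandled exception.
            try
            {
                WDRequest  request  = new WDRequest(context.Request, context.User);
                WDResponse response = new WDResponse(context.Response);

                if (request.User != null && request.User.Identity != null)
                {
                    user = request.User.Identity.Name;
                }

                Trace.WriteLine("(" + user + ") " + context.Request.HttpMethod + " " + context.Request.Url);

                WindowsIdentity identity = context.User == null ? null : context.User.Identity as WindowsIdentity;

                if (identity == null)
                {
                    // Fail closed: without a Windows identity there is nothing to impersonate.
                    context.Response.StatusCode = 403;
                    byte[] denied = new UTF8Encoding().GetBytes("Access denied");
                    context.Response.OutputStream.Write(denied, 0, denied.Length);
                    return;
                }

                wic = identity.Impersonate(); // Run on behalf of the client

                if (!new WebInterfaceEngine().Run(request, response))
                {
                    // Not a browser request: process it as WebDAV.
                    WDEngine engine = new WDEngine();
                    engine.AllowOffice12Versioning    = false;
                    engine.AutoPutUnderVersionControl = false;
                    engine.IgnoreExceptions           = false;
                    engine.Run(request, response);
                }

                if (response.StatusCode == 401)
                {
                    byte[] message = new UTF8Encoding().GetBytes("Access denied");
                    context.Response.OutputStream.Write(message, 0, message.Length);
                }
            }
            catch (Exception ex)
            {
                // Top-level boundary of the callback: log the failure and fall through to cleanup.
                Trace.WriteLine("(" + user + ") " + context.Request.HttpMethod + " " + context.Request.Url + " --> " + ex);
            }
            finally
            {
                // Revert to the server's own identity before touching the connection again.
                if (wic != null)
                {
                    wic.Undo();
                }

                try
                {
                    context.Response.Close();
                }
                catch
                {
                    // client closed connection before the content was sent
                }
            }
        }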