Post on 06-Jan-2016
itec 400
Perl CGI
George Vaughan
Franklin University
Topics
• Perl CGI
  – CGI
  – CGI Scripts in Apache
  – Perl CGI Module (CGI.pm)
  – Processing Parameters
  – Tag Attributes
  – Other HTML Components
• Linux Network Services
  – xinetd
  – sshd
CGI
• CGI stands for ‘Common Gateway Interface’
• HTML files on the server provide ‘static’ content.
• CGI scripts are one of several techniques for providing dynamic content.
• CGI scripts can be used for transaction processing on the Web.
• CGI scripts are programs that run on the server.
• CGI scripts generate context-sensitive HTML output which is then sent to the browser.
• CGI scripts can process user requests or parameters sent from the browser to the server.
Perl CGI Scripts
• CGI scripts can be written in a variety of languages, including Shell and Perl.
• Perl is the preferred language for writing CGI scripts due to its text processing power.
• The script prints strings to standard output. These strings usually contain HTML tags and web content.
• Strings can get complicated since HTML tags also use punctuation such as double quotes.
Perl CGI Module (CGI.pm)
• You do not need the Perl CGI module (CGI.pm) to write a CGI script in Perl.
• However, CGI.pm provides a lot of CGI support to Perl scripts, such as:
  – Environment information
  – Form Input
  – File Uploads
  – HTML generation
  – Error Handling
• We will see some of these features in upcoming examples…
Creating CGI Scripts
• On Einstein, you can execute CGI scripts within your home directory.
• Set up the following directories:
1. cd $HOME
2. mkdir public_html
3. chmod 705 public_html
4. cd $HOME/public_html
5. mkdir itec400
6. chmod 705 itec400
7. cd $HOME/public_html/itec400
8. mkdir CGI
9. chmod 705 CGI
• You will place your CGI scripts in this CGI directory.
• If you have a script named myScript.cgi in the CGI directory, you can execute it by typing the following URL in your browser:
http://cs.franklin.edu/~your-login-id/itec400/CGI/myScript.cgi
• For example, since my login id is ‘vaughang’, I would use:
http://cs.franklin.edu/~vaughang/itec400/CGI/myScript.cgi
examples
• In the next several slides we will study examples: ex1410.cgi and ex1420.cgi
• ex1410.cgi is an example of using the object-oriented interface of the CGI module.
• ex1420.cgi is an example of using the function-oriented interface of the CGI module.
• Although the function-oriented interface is cleaner, you only have access to the default CGI object.
• With the object-oriented interface you can have many CGI objects simultaneously.
• CGI objects may also be saved in files or databases to preserve state.
ex1410.cgi
0001: #!/usr/bin/perl -w
0002:
0003: use CGI;
0004:
0005: $cgi = CGI->new;
0006: $time = localtime;
0007:
0008: print $cgi->header,
0009:       $cgi->start_html("George's World"),
0010:       $cgi->h1("Hello World!"),
0011:       $cgi->h1("Local Server Time:"),
0012:       $cgi->h1("$time"),
0013:       $cgi->end_html;
Notes:
• Line 3: Use the CGI Perl module
• Line 5: Instantiate an object of type CGI
• Line 6: Get local time
• Lines 8-13: Big print statement
• Line 8: Generate HTML for header.
• Line 9: Generate HTML for title
• Lines 10-12: Generate HTML for level 1 header
• Line 13: Generate HTML to complete web page
• Generated HTML from ex1410.cgi
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html><head><title>George's World</title>
</head><body>
<h1>Hello World!</h1>
<h1>Local Server Time:</h1>
<h1>Sun Dec 5 20:14:35 2004</h1>
</body></html>
ex1420.cgi
0001: #!/usr/bin/perl -w
0002:
0003: use CGI ":standard";
0004:
0005: $time = localtime;
0006:
0007: print header,
0008:       start_html("George's World"),
0009:       h1("Hello World!"),
0010:       h1("Local Server Time:"),
0011:       h1("$time"),
0012:       end_html;
• Line 3: Use the CGI module with the “function-oriented” interface.
• This code produces the same results as ex1410.cgi
Processing Parameters
• With CGI.pm, we can process URL parameters that have been submitted to us from the browser.
• We can read the value of a parameter named ‘myParam’:
$value = param("myParam");
• The next example illustrates this…
ex1430.cgi
• When I first go to the web page, this is what I see
• The CGI script has a text field for me to type in the login Name.
• In this example, I type ‘apache’ as an example and press the enter key.
• The CGI script produces a listing of all processes owned by user ‘apache’
0001 #!/usr/bin/perl -w
0002
0003 use CGI;
0004
0005 use CGI ":standard";
0006
0007 print header,
0008       start_html("ex1430"),
0009       h1("Active Processes for A User"),
0010       start_form,
0011       "Login Name: ",
0012       textfield("logname"),
0013       submit,
0014       end_form,
0015       hr;
0016
0017 if (($logname = param("logname")) && $logname =~ /\A[A-Za-z0-9_.-]+\z/) {
0018   open(PS_LIST, "ps -ef | egrep ^$logname |");
0019   while ($line=<PS_LIST>) {
0020     print $line, p;
0021   }
0022   print hr;
0023 }
• Line 10: Create form
• Line 12: Create an input field
• Line 13: Create a submit button
• Line 14: End the form
• Line 15: Generate a horizontal rule
• Line 17: Test if ‘logname’ was set and contains only characters that occur in login names; line 18 interpolates the value into a shell command, so any other input is rejected
• Line 18: Create an input pipe
• Line 19: print each line, followed by a new paragraph
• Line 22: print another horizontal rule.
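In ex1430.cgi the logname parameter ends up inside a shell command line, and the ps output is printed into the page without HTML escaping. The version below is an added example, not part of the original slides: it validates the value, runs ps without a shell, and escapes each output line. The helper names valid_logname and ps_lines_for are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI ":standard";

# Hypothetical helper: accept only characters that occur in login names,
# so nothing sent by the browser can carry shell or regex metacharacters.
sub valid_logname {
    my ($name) = @_;
    return defined $name && $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}\z/;
}

# Hypothetical helper: the list form of open() execs ps directly, with no
# /bin/sh in between; the filtering that egrep did is done in Perl.
# Unlike "egrep ^$logname", this matches the whole first column.
sub ps_lines_for {
    my ($name) = @_;
    open(my $ps, '-|', 'ps', '-ef') or die "cannot run ps: $!";
    my @lines = grep { /\A\Q$name\E\s/ } <$ps>;
    close($ps);
    return @lines;
}

print header,
      start_html("ex1430"),
      h1("Active Processes for A User"),
      start_form, "Login Name: ", textfield("logname"), submit, end_form,
      hr;

my $logname = param("logname");
if (defined $logname && length $logname) {
    if (valid_logname($logname)) {
        # ps output contains whatever a process put on its command line,
        # so escape it before it becomes part of the HTML page.
        print p(escapeHTML($_)) for ps_lines_for($logname);
    }
    else {
        print p("Invalid login name.");
    }
    print hr;
}
print end_html;
```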
Tag Attributes
• Many HTML tags have attribute-value pairs within the tag itself, for example:
<H1 ALIGN="LEFT">Hello World!</H1>
• Such a tag can be generated by invoking the following CGI member function:
h1({-align=>'left'}, "Hello World!")
• Curly braces are used to distinguish between attributes and contents.
Other HTML Components
• CGI.pm provides functions for creating:
  – check boxes
  – groups of check boxes
  – groups of radio buttons
  – scrolling lists
  – pop-up menus
• The next example, ex1440.cgi, illustrates the use of radio buttons with CGI.pm…
ex1440.cgi
• When I go to the web page, the CGI script generates a text field for me to enter a decimal number
• When I enter the decimal number ‘123456’ and press the ENTER key, the CGI script produces the following result…
ex1440.cgi
0001 #!/usr/bin/perl -w
0002
0003 use CGI;
0004
0005 use CGI ":standard";
0006
0007 print header,
0008       start_html("ex1440"),
0009       h1({-align=>'center'},
0010          "Number Converter"),
0011       start_form,
0012       "Decimal Number: ",
0013       textfield("number"),
0014       p,
0015       radio_group(
0016         -name=>'base',
0017         -values=>['octal','hex'],
0018         -default=>'hex'),
0019       p,
0020       submit,
0021       end_form,
0022       hr;
0023
0024 if ($number = param("number")) {
0025   $base = param("base");
0026   if ($base eq "hex") {
0027     printf("%d (dec) = %x (hex)",
0028       $number, $number);
0029   }
0030   else {
0031     printf("%d (dec) = %o (octal)",
0032       $number, $number);
0033   }
0034   print hr;
0035 }
• Line 8: Create a centered, level 1 header
• Line 15: create a group of radio buttons:
  – button group name = base
  – 2 buttons
  – default button is ‘hex’
• Line 24: Only process request if user entered a number.
• Line 26: based on radio button selection, print value either in hex or octal.
Linux Network Services
• The following discussion is based on Red Hat 9.0 (may be applicable to other distributions)
• Focus will be on telnet and ftp
xinetd
• Historically, each network service was supported by its own daemon process or processes.
• A telnet daemon would support the telnet service, the ftp daemon would support the ftp process, etc.
• Many daemons were running, often without being used.
• Each service had to worry about security from the point of connection.
• inetd (precursor to xinetd) was created to address the issue of the abundance of network service daemons.
• inetd was designed to listen on ports for network service requests.
• When a request arrived at a port, inetd would fork the appropriate process (ftp, telnet, etc.) to service the request.
• Therefore services like ftp, telnet, etc. were no longer daemons - they are now transient processes.
• xinetd stands for eXtended InterNET services Daemon.
• Created by Panos Tsirigotis at the University of Colorado.
• More secure than inetd - designed to prevent Denial of Service attacks.
• Can control access by:
  – address of remote host
  – time of access
  – name of remote host
  – domain of remote host
• xinetd is sometimes referred to as the “super-server”.
xinetd.conf
#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
        instances       = 60
        log_type        = SYSLOG authpriv
        log_on_success  = HOST PID
        log_on_failure  = HOST
        cps             = 25 30
}

includedir /etc/xinetd.d

• xinetd is the name of the daemon process.
• xinetd config file: /etc/xinetd.conf
• instances: max number of simultaneous servers for a given service
• cps:
  – first number is max connections per second
  – second number is number of seconds to wait before re-enabling service after cps has been exceeded.
xinetd.d
• In addition to having a config file for the xinetd daemon itself, each supported service (ftp, telnet, etc) has its own config file in /etc/xinetd.d
[root@localhost xinetd.d]# ls
amanda       cups-lpd     eklogin  ipop3        pop3s    services  time
amandaidx    daytime      finger   klogin       rexec    sgi_fam   time-udp
amidxtape    daytime-udp  gssftp   krb5-telnet  rlogin   swat
chargen      dbskkd-cdb   imap     kshell       rsh      talk
chargen-udp  echo         imaps    ktalk        rsync    telnet
comsat       echo-udp     ipop2    ntalk        servers  tftp
• Example: What follows is the configuration file for telnet:
# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
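The service files in /etc/xinetd.d all share the stanza format shown for telnet, so they are easy to audit. The script below is an added example, not part of the original slides: it parses service stanzas and lists the services that are enabled with no address restriction. The sample input is constructed (the telnet stanza abridged, plus a made-up "example" service), and only_from and access_times are xinetd attributes that do not appear on the slides.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: the telnet stanza (abridged) and a made-up
# service that is enabled but limited by source address and time of day.
my $sample = <<'END';
service telnet
{
        socket_type     = stream
        wait            = no
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
service example
{
        socket_type     = stream
        only_from       = 192.0.2.0/24
        access_times    = 08:00-18:00
        disable         = no
}
END

# Parse "service NAME { attr = value ... }" stanzas into a hash of hashes.
sub parse_services {
    my ($text) = @_;
    my (%svc, $cur);
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*(#|$)/;            # comments and blank lines
        if    ($line =~ /^\s*service\s+(\S+)/) { $cur = $1; $svc{$cur} = {} }
        elsif ($line =~ /^\s*\}/)              { undef $cur }
        elsif (defined $cur && $line =~ /^\s*(\w+)\s*[-+]?=\s*(.*?)\s*$/) {
            $svc{$cur}{$1} = $2;                 # handles =, += and -=
        }
    }
    return \%svc;
}

# Enabled services (disable absent or "no") that accept any source address.
sub unrestricted_services {
    my ($svc) = @_;
    return grep {
        ($svc->{$_}{disable} // 'no') eq 'no' && !exists $svc->{$_}{only_from}
    } sort keys %$svc;
}

print "enabled without only_from: $_\n" for unrestricted_services(parse_services($sample));
```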
SSHD
• SSHD - OpenSSH SSH daemon
• replaces rsh and rlogin
• forks a new sshd daemon for each new connection
• communication is encrypted
• used on Einstein and comes configured on Red Hat 9.0
• SSHD supports:
  – ssh
    • similar to telnet
    • client uses tool like putty (Windows), ssh (Linux/Unix)
  – secure ftp
    • similar to ftp
    • client uses tool like winscp2 (Windows), sftp (Linux, Unix)