1 itec 400 Perl CGI George Vaughan Franklin University.


itec 400 Perl CGI

George Vaughan

Franklin University


Topics

• Perl CGI
  – CGI
  – CGI Scripts in Apache
  – Perl CGI Module (CGI.pm)
  – Processing Parameters
  – Tag Attributes
  – Other HTML Components

• Linux Network Services
  – xinetd
  – sshd


CGI

• CGI Stands for ‘Common Gateway Interface’

• HTML files on the server provide ‘static’ content.

• CGI scripts are one of several techniques for providing dynamic content.

• CGI scripts can be used for transaction processing on the Web.


CGI

• CGI scripts are programs that run on the server.

• CGI scripts generate context sensitive HTML output which is then sent to the browser.

• CGI scripts can process user requests or parameters sent from the browser to the server.


Perl CGI Scripts

• CGI scripts can be written in a variety of languages, including Shell and Perl.

• Perl is the preferred language for writing CGI scripts due to its text processing power.

• The script prints strings to standard out. These strings usually contain HTML tags and web content.

• Strings can get complicated since HTML tags also use punctuation such as double quotes.


Perl CGI Module (CGI.pm)

• You do not need the Perl CGI module (CGI.pm) to write CGI scripts in Perl.

• However, CGI.pm provides a lot of CGI support to Perl scripts, such as:
  – Environment information
  – Form Input
  – File Uploads
  – HTML generation
  – Error Handling

• We will see some of these features in upcoming examples…


Creating CGI Scripts

• On Einstein, you can execute CGI scripts within your home directory.

• Set up the following directories:

1. cd $HOME
2. mkdir public_html
3. chmod 705 public_html
4. cd $HOME/public_html
5. mkdir itec400
6. chmod 705 itec400
7. cd $HOME/public_html/itec400
8. mkdir CGI
9. chmod 705 CGI

• You will place your CGI scripts in this CGI directory.

• If you have a script named myScript.cgi in the CGI directory, you can execute it by typing the following URL in your browser:
http://cs.franklin.edu/~your-login-id/itec400/CGI/myScript.cgi

• For example, since my login id is ‘vaughang’, I would use:
http://cs.franklin.edu/~vaughang/itec400/CGI/myScript.cgi


examples

• In the next several slides we will study two examples: ex1410.cgi and ex1420.cgi

• ex1410.cgi is an example of using the object-oriented interface of the CGI module.

• ex1420.cgi is an example of using the function-oriented interface of the CGI module.

• Although the function-oriented interface is cleaner, you only have access to the default CGI object.

• With the object-oriented interface you can have many CGI objects simultaneously.

• CGI objects may also be saved in files or databases to preserve state.


ex1410.cgi


ex1410.cgi

0001: #!/usr/bin/perl -w
0002:
0003: use CGI;
0004:
0005: $cgi = new CGI;
0006: $time = localtime;
0007:
0008: print $cgi->header,
0009:       $cgi->start_html("George's World"),
0010:       $cgi->h1("Hello World!"),
0011:       $cgi->h1("Local Server Time:"),
0012:       $cgi->h1("$time"),
0013:       $cgi->end_html;

Notes:
Line 3: Use the CGI Perl module
Line 5: Instantiate an object of type CGI
Line 6: Get local time
Lines 8-13: Big print statement
Line 8: Generate HTML for header
Line 9: Generate HTML for title
Lines 10-12: Generate HTML for level 1 header
Line 13: Generate HTML to complete web page


ex1410.cgi

• Generated HTML from ex1410.cgi

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html><head><title>George's World</title>
</head><body>
<h1>Hello World!</h1>
<h1>Local Server Time:</h1>
<h1>Sun Dec 5 20:14:35 2004</h1>
</body></html>


ex1420.cgi

0001: #!/usr/bin/perl -w
0002:
0003: use CGI ":standard";
0004:
0005: $time = localtime;
0006:
0007: print header,
0008:       start_html("George's World"),
0009:       h1("Hello World!"),
0010:       h1("Local Server Time:"),
0011:       h1("$time"),
0012:       end_html;

• Line 3: Use the CGI module with the “function-oriented” interface.

• This code produces the same results as ex1410.cgi


Processing Parameters

• With CGI.pm, we can process URL parameters that have been submitted to us from the browser.

• We can read the value of a parameter named ‘myParam’:
$value = param("myParam");

• The next example illustrates this…


ex1430.cgi

• When I first go to the web page, this is what I see

• The CGI script has a text field for me to type in the login Name.


ex1430.cgi

• In this example, I type ‘apache’ as an example and press the enter key.


ex1430.cgi

• The CGI script produces a listing of all processes owned by user ‘apache’


ex1430.cgi

0001 #!/usr/bin/perl -w
0002
0003 use CGI;
0004
0005 use CGI ":standard";
0006
0007 print header,
0008       start_html("ex1430"),
0009       h1("Active Processes for A User"),
0010       start_form,
0011       "Login Name: ",
0012       textfield("logname"),
0013       submit,
0014       end_form,
0015       hr;
0016

• Line 10: Create form
• Line 12: Create an input field
• Line 13: Create a submit button
• Line 14: End the form
• Line 15: Generate a horizontal rule


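ex1430.cgi

0017 if ($logname = param("logname")) {
0018     open(PS_LIST, "-|", "ps", "-ef");   # list form: ps runs without a shell
0019     while ($line=<PS_LIST>) {
0020         print escapeHTML($line), p if $line =~ /^\Q$logname\E/;   # literal prefix match
0021     }
0022     print hr;
0023 }

• Line 17: Test if ‘logname’ was set

• Line 18: Create an input pipe; the list form of open runs ps directly, so no shell interprets ‘logname’

• Lines 19-21: print each line that begins with ‘logname’, followed by a new paragraph; the line is HTML-escaped and ‘logname’ is matched literally

• Line 22: print another horizontal rule.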


Tag Attributes

• Many HTML tags have attribute-value pairs within the tag itself, for example:
<H1 ALIGN="LEFT">Hello World!</H1>

• Such a tag can be generated by invoking the following CGI member function:
h1({-align=>'left'}, "Hello World!")

• Curly braces are used to distinguish between attributes and contents.


Other HTML Components

• CGI.pm provides functions for creating:
  – check boxes
  – groups of check boxes
  – groups of radio buttons
  – scrolling lists
  – pop-up menus

• The next example, ex1440.cgi illustrates the use of radio buttons with CGI.pm…


ex1440.cgi

• When I go to the web page, the CGI script generates a text field for me to enter a decimal number


ex1440.cgi

• When I enter the decimal number ‘123456’ and press the ENTER key, the CGI script produces the following result…


ex1440.cgi

0001 #!/usr/bin/perl -w
0002
0003 use CGI;
0004
0005 use CGI ":standard";
0006
0007 print header,
0008       start_html("ex1440"),
0009       h1({-align=>'center'},
0010          "Number Converter"),
0011       start_form,
0012       "Decimal Number: ",
0013       textfield("number"),
0014       p,
0015       radio_group(
0016           -name=>'base',
0017           -values=>['octal','hex'],
0018           -default=>'hex'),

• Line 9: Create a centered, level 1 header

• Line 15: create a group of radio buttons:
  – button group name = base
  – 2 buttons
  – default button is ‘hex’


ex1440.cgi

0019       p,
0020       submit,
0021       end_form,
0022       hr;
0023
0024 if ($number = param("number")) {
0025     $base = param("base");
0026     if ($base eq "hex") {
0027         printf("%d (dec) = %x (hex)",
0028                $number, $number);
0029     }
0030     else {
0031         printf("%d (dec) = %o (octal)",
0032                $number, $number);
0033     }
0034     print hr;
0035 }

• Line 24: Only process request if user entered a number.

• Line 26: based on radio button selection, print value either in hex or octal.
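
ex1430.cgi and ex1440.cgi both act on whatever param() returns for ‘logname’, ‘number’ and ‘base’. The following Perl example, added here and not part of the original slides, checks each of those parameters against an allow-list pattern before it is used; the patterns, the checked_params helper and the sample query strings are assumptions made for this example, and it assumes CGI.pm is installed.

```perl
use strict;
use warnings;
use CGI;

# Allow-list for the parameters used by ex1430.cgi and ex1440.cgi.
# The patterns are assumptions chosen for this example.
my %RULES = (
    logname => qr/\A[a-z_][a-z0-9_-]{0,31}\z/,   # typical Linux login name
    number  => qr/\A[0-9]{1,9}\z/,               # non-negative decimal, fits %d
    base    => qr/\A(?:octal|hex)\z/,            # the two radio button values
);

# Return (\%clean, \@rejected): values that matched their rule, and the
# names of parameters that were present but did not match.
sub checked_params {
    my ($cgi) = @_;
    my (%clean, @rejected);
    for my $name (sort keys %RULES) {
        my $value = $cgi->param($name);
        next unless defined $value && length $value;
        if ($value =~ $RULES{$name}) { $clean{$name} = $value }
        else                         { push @rejected, $name }
    }
    return (\%clean, \@rejected);
}

# Constructed requests: CGI->new accepts a query string, so this runs
# from the command line without a web server.
my @requests = (
    'logname=apache',
    'logname=apache%3Bid',                       # contains a shell metacharacter
    'number=123456&base=hex',
    'number=12abc&base=binary',
    'number=%3Cb%3E1%3C%2Fb%3E',                 # contains HTML markup
);

for my $query (@requests) {
    my ($clean, $rejected) = checked_params(CGI->new($query));
    printf "%-28s accepted: %-26s rejected: %s\n",
        $query,
        join(',', map { "$_=$clean->{$_}" } sort keys %$clean) || '-',
        join(',', @$rejected) || '-';
}
```

A script would act only on the values in the accepted hash and re-display the form when anything is rejected.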


Linux Network Services

• The following discussion is based on Red Hat 9.0 (may be applicable to other distributions)

• Focus will be on telnet and ftp


xinetd

• Historically, each network service is supported by its own daemon process or processes.

• A telnet daemon would support the telnet service, the ftp daemon would support the ftp process, etc.

• Many daemons are running, often not being used.

• Each service had to worry about security from the point of connection


xinetd

• inetd (precursor to xinetd) was created to address the issue of the abundance of network service daemons.

• inetd was designed to listen on ports for network service requests.

• When a request arrived at a port, inetd would fork the appropriate process (ftp, telnet, etc) to service the request.

• Therefore services like ftp, telnet, etc were no longer daemons - they are now transient processes.


xinetd

• xinetd stands for eXtended InterNET services Daemon.

• Created by Panos Tsirigotis at the University of Colorado.

• More secure than inetd - designed to prevent Denial of Service attacks.

• Can control access by:
  – address of remote host
  – time of access
  – name of remote host
  – domain of remote host

• xinetd is sometimes referred to as the “super-server”.


xinetd.conf

#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
        instances               = 60
        log_type                = SYSLOG authpriv
        log_on_success          = HOST PID
        log_on_failure          = HOST
        cps                     = 25 30
}

includedir /etc/xinetd.d

• xinetd is the name of the daemon process.

• xinetd config file: /etc/xinetd.conf

• instances: max number of simultaneous servers for a given service

• cps:
  – first number is max connections per second
  – second number is number of seconds to wait before re-enabling service after cps has been exceeded.


xinetd.d

• In addition to having a config file for the xinetd daemon itself, each supported service (ftp, telnet, etc) has its own config file in /etc/xinetd.d

[root@localhost xinetd.d]# ls
amanda       cups-lpd     eklogin  ipop3        pop3s    services  time
amandaidx    daytime      finger   klogin       rexec    sgi_fam   time-udp
amidxtape    daytime-udp  gssftp   krb5-telnet  rlogin   swat
chargen      dbskkd-cdb   imap     kshell       rsh      talk
chargen-udp  echo         imaps    ktalk        rsync    telnet
comsat       echo-udp     ipop2    ntalk        servers  tftp


xinetd.d

• Example: What follows is the configuration file for telnet:

# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
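
The access controls listed for xinetd (address of remote host, time of access) correspond to the only_from and access_times attributes in a service file. The following Perl script, added here and not part of the original slides, parses service blocks in the format shown above and lists, for each enabled service, whether it runs as root or lacks those attributes; the helper names, the ftp block and its values are constructed for this example.

```perl
use strict;
use warnings;

# Parse "service NAME { attribute = value ... }" blocks, the format of the
# files in /etc/xinetd.d. Returns { service name => { attribute => value } }.
sub parse_services {
    my ($text) = @_;
    my (%services, $current);
    for my $line (split /\n/, $text) {
        $line =~ s/#.*//;                              # drop comments
        if ($line =~ /^\s*service\s+(\S+)/) {
            $services{ $current = $1 } = {};
        } elsif ($line =~ /^\s*\}/) {
            undef $current;
        } elsif (defined $current && $line =~ /^\s*(\w+)\s*[-+]?=\s*(.*?)\s*$/) {
            $services{$current}{$1} = $2;              # =, += and -= alike
        }
    }
    return \%services;
}

# Review points for one service; an empty list means it is disabled.
sub findings {
    my ($attr) = @_;
    return () if lc($attr->{disable} // 'no') eq 'yes';
    my @found = ('enabled');
    push @found, 'runs as root'    if ($attr->{user} // '') eq 'root';
    push @found, 'no only_from'    unless exists $attr->{only_from};
    push @found, 'no access_times' unless exists $attr->{access_times};
    return @found;
}

# Constructed sample: telnet uses attributes from the slide; the ftp block,
# its address range and its hours are placeholders made up for this example.
my $sample = <<'END';
service telnet
{
        user    = root
        disable = no
}
service ftp
{
        user         = root
        only_from    = 192.0.2.0/24
        access_times = 08:00-18:00
}
END
my $services = parse_services($sample);
print "$_: ", join(', ', findings($services->{$_})) || 'disabled', "\n"
    for sort keys %$services;
```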


SSHD

• SSHD - OpenSSH SSH daemon

• replaces rsh and rlogin

• forks a new sshd daemon for each new connection

• communication is encrypted

• used on einstein and comes configured on Red Hat 9.0


SSHD

• SSHD supports:
  – ssh
    • similar to telnet
    • client uses tool like putty (Windows), ssh (Linux/Unix)
  – secure ftp
    • similar to ftp
    • client uses tool like winscp2 (Windows), sftp (Linux, Unix)
