Changeset 614 for branches/samba-3.3.x/source/web/cgi.c

Timestamp:

Jul 27, 2011, 5:37:12 PM (14 years ago)

Author:

Herwig Bauernfeind

Message:

Update Samba 3.3 to 3.3.16 (security update)

File:

• branches/samba-3.3.x/source/web/cgi.c (modified) (5 diffs)

branches/samba-3.3.x/source/web/cgi.c

@@ -20 +20 @@
 #include "includes.h"
 #include "web/swat_proto.h"
+#include "secrets.h"
 
 #define MAX_VARIABLES 10000
@@ -43 +44 @@
 static char *pathinfo;
 static char *C_user;
+static char *C_pass;
 static bool inetd_server;
 static bool got_request;
@@ -322 +324 @@
         }
 
-        setuid(0);
+        C_user = SMB_STRDUP(user);
+
+        if (!setuid(0)) {
+                C_pass = secrets_fetch_generic("root", "SWAT");
+                if (C_pass == NULL) {
+                        char *tmp_pass = NULL;
+                        tmp_pass = generate_random_str(16);
+                        if (tmp_pass == NULL) {
+                                printf("%sFailed to create random nonce for "
+                                       "SWAT session\n<br>%s\n", head, tail);
+                                exit(0);
+                        }
+                        secrets_store_generic("root", "SWAT", tmp_pass);
+                        C_pass = SMB_STRDUP(tmp_pass);
+                }
+        }
         setuid(pwd->pw_uid);
         if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
@@ -391 +408 @@
                         /* Save the users name */
                         C_user = SMB_STRDUP(user);
+                        C_pass = SMB_STRDUP(user_pass);
                         TALLOC_FREE(pass);
                         return True;
@@ -425 +443 @@
 }
 
+/***************************************************************************
+return a ptr to the users password
+  ***************************************************************************/
+char *cgi_user_pass(void)
+{
+        return(C_pass);
+}
 
 /***************************************************************************