Changeset 614 for branches/samba-3.3.x/source/web/swat.c
- Timestamp:
- Jul 27, 2011, 5:37:12 PM (14 years ago)
- File:
-
- 1 edited
branches/samba-3.3.x/source/web/swat.c
r290 r614 51 51 #define ENABLE_USER_FLAG "enable_user_flag" 52 52 #define RHOST "remote_host" 53 #define XSRF_TOKEN "xsrf" 54 #define XSRF_TIME "xsrf_time" 55 #define XSRF_TIMEOUT 300 53 56 54 57 #define _(x) lang_msg_rotate(talloc_tos(),x) … … 138 141 return parmname; 139 142 } 143 144 void get_xsrf_token(const char *username, const char *pass, 145 const char *formname, time_t xsrf_time, char token_str[33]) 146 { 147 struct MD5Context md5_ctx; 148 uint8_t token[16]; 149 int i; 150 151 token_str[0] = '\0'; 152 ZERO_STRUCT(md5_ctx); 153 MD5Init(&md5_ctx); 154 155 MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname)); 156 MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(time_t)); 157 if (username != NULL) { 158 MD5Update(&md5_ctx, (uint8_t *)username, strlen(username)); 159 } 160 if (pass != NULL) { 161 MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass)); 162 } 163 164 MD5Final(token, &md5_ctx); 165 166 for(i = 0; i < sizeof(token); i++) { 167 char tmp[3]; 168 169 snprintf(tmp, sizeof(tmp), "%02x", token[i]); 170 strncat(token_str, tmp, sizeof(tmp)); 171 } 172 } 173 174 void print_xsrf_token(const char *username, const char *pass, 175 const char *formname) 176 { 177 char token[33]; 178 time_t xsrf_time = time(NULL); 179 180 get_xsrf_token(username, pass, formname, xsrf_time, token); 181 printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n", 182 XSRF_TOKEN, token); 183 printf("<input type=\"hidden\" name=\"%s\" value=\"%lld\">\n", 184 XSRF_TIME, (long long int)xsrf_time); 185 } 186 187 bool verify_xsrf_token(const char *formname) 188 { 189 char expected[33]; 190 const char *username = cgi_user_name(); 191 const char *pass = cgi_user_pass(); 192 const char *token = cgi_variable_nonull(XSRF_TOKEN); 193 const char *time_str = cgi_variable_nonull(XSRF_TIME); 194 time_t xsrf_time = 0; 195 time_t now = time(NULL); 196 197 if (sizeof(time_t) == sizeof(int)) { 198 xsrf_time = atoi(time_str); 199 } else if (sizeof(time_t) == sizeof(long)) { 200 xsrf_time = 
atol(time_str); 201 } else if (sizeof(time_t) == sizeof(long long)) { 202 xsrf_time = atoll(time_str); 203 } 204 205 if (abs(now - xsrf_time) > XSRF_TIMEOUT) { 206 return false; 207 } 208 209 get_xsrf_token(username, pass, formname, xsrf_time, expected); 210 return (strncmp(expected, token, sizeof(expected)) == 0); 211 } 212 140 213 141 214 /**************************************************************************** … … 611 684 { 612 685 int full_view=0; 686 const char form_name[] = "viewconfig"; 687 688 if (!verify_xsrf_token(form_name)) { 689 goto output_page; 690 } 613 691 614 692 if (cgi_variable("full_view")) { … … 616 694 } 617 695 696 output_page: 618 697 printf("<H2>%s</H2>\n", _("Current Config")); 619 698 printf("<form method=post>\n"); 699 print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); 620 700 621 701 if (full_view) { … … 637 717 { 638 718 unsigned int parm_filter = FLAG_WIZARD; 719 const char form_name[] = "wizard_params"; 639 720 640 721 /* Here we first set and commit all the parameters that were selected … … 642 723 643 724 printf("<H2>%s</H2>\n", _("Wizard Parameter Edit Page")); 725 726 if (!verify_xsrf_token(form_name)) { 727 goto output_page; 728 } 644 729 645 730 if (cgi_variable("Commit")) { … … 648 733 } 649 734 735 output_page: 650 736 printf("<form name=\"swatform\" method=post action=wizard_params>\n"); 737 print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); 651 738 652 739 if (have_write_access) { … … 684 771 int HomeExpo = 0; 685 772 int SerType = 0; 773 const char form_name[] = "wizard"; 774 775 if (!verify_xsrf_token(form_name)) { 776 goto output_page; 777 } 686 778 687 779 if (cgi_variable("Rewrite")) { … … 774 866 775 867 role = lp_server_role(); 776 868 869 output_page: 777 870 /* Here we go ... 
*/ 778 871 printf("<H2>%s</H2>\n", _("Samba Configuration Wizard")); 779 872 printf("<form method=post action=wizard>\n"); 873 print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); 780 874 781 875 if (have_write_access) { … … 846 940 unsigned int parm_filter = FLAG_BASIC; 847 941 int mode = 0; 942 const char form_name[] = "globals"; 848 943 849 944 printf("<H2>%s</H2>\n", _("Global Parameters")); 945 946 if (!verify_xsrf_token(form_name)) { 947 goto output_page; 948 } 850 949 851 950 if (cgi_variable("Commit")) { … … 861 960 mode = 1; 862 961 962 output_page: 863 963 printf("<form name=\"swatform\" method=post action=globals>\n"); 964 print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); 864 965 865 966 ViewModeBoxes( mode ); … … 901 1002 unsigned int parm_filter = FLAG_BASIC; 902 1003 size_t converted_size; 1004 const char form_name[] = "shares"; 1005 1006 printf("<H2>%s</H2>\n", _("Share Parameters")); 1007 1008 if (!verify_xsrf_token(form_name)) { 1009 goto output_page; 1010 } 903 1011 904 1012 if (share) 905 1013 snum = lp_servicenumber(share); 906 1014 907 printf("<H2>%s</H2>\n", _("Share Parameters"));908 1015 909 1016 if (cgi_variable("Commit") && snum >= 0) { … … 931 1038 } 932 1039 933 printf("<FORM name=\"swatform\" method=post>\n");934 935 printf("<table>\n");936 937 1040 if ( cgi_variable("ViewMode") ) 938 1041 mode = atoi(cgi_variable_nonull("ViewMode")); … … 941 1044 if ( cgi_variable("AdvMode")) 942 1045 mode = 1; 1046 1047 output_page: 1048 printf("<FORM name=\"swatform\" method=post>\n"); 1049 print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); 1050 1051 printf("<table>\n"); 943 1052 944 1053 ViewModeBoxes( mode ); … … 1121 1230 printf("<p>"); 1122 1231 if (rslt == True) { 1123 printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER)); 1124 printf("\n"); 1232 printf("%s\n", _(" The passwd has been changed.")); 1125 1233 } else { 1126 printf(_(" The passwd for '%s' has NOT been changed."), 
cgi_variable_nonull(SWAT_USER)); 1127 printf("\n"); 1234 printf("%s\n", _(" The passwd has NOT been changed.")); 1128 1235 } 1129 1236 } … … 1138 1245 { 1139 1246 const char *new_name = cgi_user_name(); 1140 1141 /* 1142 * After the first time through here be nice. If the user 1143 * changed the User box text to another users name, remember it. 1144 */ 1145 if (cgi_variable(SWAT_USER)) { 1146 new_name = cgi_variable_nonull(SWAT_USER); 1147 } 1247 const char passwd_form[] = "passwd"; 1248 const char rpasswd_form[] = "rpasswd"; 1148 1249 1149 1250 if (!new_name) new_name = ""; … … 1152 1253 1153 1254 printf("<FORM name=\"swatform\" method=post>\n"); 1255 print_xsrf_token(cgi_user_name(), cgi_user_pass(), passwd_form); 1154 1256 1155 1257 printf("<table>\n"); … … 1191 1293 * requested. It could be this is the first time through this 1192 1294 * code, so there isn't anything to do. */ 1193 if ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) || 1194 (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG))) { 1295 if (verify_xsrf_token(passwd_form) && 1296 ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) || 1297 (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG)))) { 1195 1298 chg_passwd(); 1196 1299 } … … 1199 1302 1200 1303 printf("<FORM name=\"swatform\" method=post>\n"); 1304 print_xsrf_token(cgi_user_name(), cgi_user_pass(), rpasswd_form); 1201 1305 1202 1306 printf("<table>\n"); … … 1231 1335 * is the first time through this code, so there isn't 1232 1336 * anything to do. 
*/ 1233 if ( cgi_variable(CHG_R_PASSWD_FLAG)) {1337 if (verify_xsrf_token(passwd_form) && cgi_variable(CHG_R_PASSWD_FLAG)) { 1234 1338 chg_passwd(); 1235 1339 } … … 1248 1352 int mode = 0; 1249 1353 unsigned int parm_filter = FLAG_BASIC; 1354 const char form_name[] = "printers"; 1355 1356 if (!verify_xsrf_token(form_name)) { 1357 goto output_page; 1358 } 1250 1359 1251 1360 if (share) 1252 1361 snum = lp_servicenumber(share); 1253 1254 printf("<H2>%s</H2>\n", _("Printer Parameters"));1255 1256 printf("<H3>%s</H3>\n", _("Important Note:"));1257 printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box "));1258 printf("%s",_("are autoloaded printers from "));1259 printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));1260 printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect."));1261 1362 1262 1363 if (cgi_variable("Commit") && snum >= 0) { … … 1288 1389 } 1289 1390 1290 printf("<FORM name=\"swatform\" method=post>\n");1291 1292 1391 if ( cgi_variable("ViewMode") ) 1293 1392 mode = atoi(cgi_variable_nonull("ViewMode")); … … 1296 1395 if ( cgi_variable("AdvMode")) 1297 1396 mode = 1; 1397 1398 output_page: 1399 printf("<H2>%s</H2>\n", _("Printer Parameters")); 1400 1401 printf("<H3>%s</H3>\n", _("Important Note:")); 1402 printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box ")); 1403 printf("%s",_("are autoloaded printers from ")); 1404 printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name")); 1405 printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect.")); 1406 1407 1408 printf("<FORM name=\"swatform\" method=post>\n"); 1409 print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); 1298 1410 1299 1411 ViewModeBoxes( mode );
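Review bot: The remote-password form is stamped with the "rpasswd" token (`print_xsrf_token(cgi_user_name(), cgi_user_pass(), rpasswd_form);` at new line 1304) but its submit branch checks `verify_xsrf_token(passwd_form)` at new line 1337, so a CHG_R_PASSWD_FLAG post carrying the token the page itself emitted will never verify; the line should read `if (verify_xsrf_token(rpasswd_form) && cgi_variable(CHG_R_PASSWD_FLAG)) {`. In verify_xsrf_token the freshness test is `abs(now - xsrf_time)`, which implicitly narrows a time_t difference to int, so on builds where time_t is wider than int a submitted xsrf_time offset from now by a multiple of 2^32 seconds passes the 300-second window; compare without narrowing, e.g. `if (now - xsrf_time > XSRF_TIMEOUT || xsrf_time - now > XSRF_TIMEOUT) return false;`. Separately, the token is an unkeyed MD5 over formname, xsrf_time, username and the cleartext password, and the first three are printed in the same form, so anyone who obtains a rendered page (browser cache, proxy log, a disclosure bug) can run an offline dictionary attack on the SWAT password against the token; deriving the token from a per-process random secret (e.g. an HMAC keyed with bytes read at startup) would keep password-derived material out of the HTML. The password-page function in which the 1337 check sits starts and ends outside the visible hunks, so other callers of these two form names may exist there.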