Context Navigation

← Previous Change
Next Change →

Changeset 615 for vendor/current/source3

Timestamp:

Jul 28, 2011, 4:21:02 PM (14 years ago)

Author:

Herwig Bauernfeind

Message:

Samba 3.5: Update vendor to version 3.5.10

Location:

vendor/current/source3

Files:

: 6 edited

VERSION (modified) (1 diff)
include/version.h (modified) (1 diff)
web/cgi.c (modified) (5 diffs)
web/statuspage.c (modified) (2 diffs)
web/swat.c (modified) (24 diffs)
web/swat_proto.h (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

vendor/current/source3/VERSION

r597	r615
26	26	SAMBA_VERSION_MAJOR=3
27	27	SAMBA_VERSION_MINOR=5
28		SAMBA_VERSION_RELEASE=9
	28	SAMBA_VERSION_RELEASE=10
29	29
30	30	########################################################

vendor/current/source3/include/version.h

-              r597
+              r615
 #define SAMBA_VERSION_MAJOR 3
 #define SAMBA_VERSION_MINOR 5
 #define SAMBA_VERSION_RELEASE 9
 #define SAMBA_VERSION_OFFICIAL_STRING "3.5.9"
+#define SAMBA_VERSION_RELEASE 10
+#define SAMBA_VERSION_OFFICIAL_STRING "3.5.10"
 #ifdef SAMBA_VERSION_VENDOR_FUNCTION
 #  define SAMBA_VERSION_STRING SAMBA_VERSION_VENDOR_FUNCTION

vendor/current/source3/web/cgi.c

-              r594
+              r615
 #include "includes.h"
 #include "web/swat_proto.h"
+#include "secrets.h"
+#include "../lib/util/util.h"
 #define MAX_VARIABLES 10000
 …
 static char *pathinfo;
 static char *C_user;
+static char *C_pass;
 static bool inetd_server;
 static bool got_request;
 …
+        }
+        setuid(0);
+        C_user = SMB_STRDUP(user);
+        if (!setuid(0)) {
+                C_pass = secrets_fetch_generic("root", "SWAT");
+                if (C_pass == NULL) {
+                        char *tmp_pass = NULL;
+                        tmp_pass = generate_random_str(talloc_tos(), 16);
+                        if (tmp_pass == NULL) {
+                                printf("%sFailed to create random nonce for "
+                                       "SWAT session\n<br>%s\n", head, tail);
+                                exit(0);
+                        }
+                        secrets_store_generic("root", "SWAT", tmp_pass);
+                        C_pass = SMB_STRDUP(tmp_pass);
+                        TALLOC_FREE(tmp_pass);
+                }
+        }
         setuid(pwd->pw_uid);
         if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
 …
                         /* Save the users name */
                         C_user = SMB_STRDUP(user);
+                        C_pass = SMB_STRDUP(user_pass);
                         TALLOC_FREE(pass);
                         return True;
 …
+}
+/***************************************************************************
+return a ptr to the users password
+  ***************************************************************************/
+char *cgi_user_pass(void)
+{
+        return(C_pass);
+}
 /***************************************************************************

vendor/current/source3/web/statuspage.c

-              r414
+              r615
         bool waitup = False;
         TALLOC_CTX *ctx = talloc_stackframe();
+        const char form_name[] = "status";
         smbd_pid = pid_to_procid(pidfile_pid("smbd"));
+        if (!verify_xsrf_token(form_name)) {
+                goto output_page;
+        }
         if (cgi_variable("smbd_restart") || cgi_variable("all_restart")) {
 …
         initPid2Machine ();
+output_page:
         printf("<H2>%s</H2>\n", _("Server Status"));
         printf("<FORM method=post>\n");
+        print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
         if (!autorefresh) {

vendor/current/source3/web/swat.c

-              r597
+              r615
 #include "includes.h"
 #include "web/swat_proto.h"
+#include "../lib/crypto/md5.h"
 static int demo_mode = False;
 …
 #define ENABLE_USER_FLAG "enable_user_flag"
 #define RHOST "remote_host"
+#define XSRF_TOKEN "xsrf"
+#define XSRF_TIME "xsrf_time"
+#define XSRF_TIMEOUT 300
 #define _(x) lang_msg_rotate(talloc_tos(),x)
 …
         return parmname;
+}
+void get_xsrf_token(const char *username, const char *pass,
+                    const char *formname, time_t xsrf_time, char token_str[33])
+{
+        struct MD5Context md5_ctx;
+        uint8_t token[16];
+        int i;
+        token_str[0] = '\0';
+        ZERO_STRUCT(md5_ctx);
+        MD5Init(&md5_ctx);
+        MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
+        MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(time_t));
+        if (username != NULL) {
+                MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
+        }
+        if (pass != NULL) {
+                MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
+        }
+        MD5Final(token, &md5_ctx);
+        for(i = 0; i < sizeof(token); i++) {
+                char tmp[3];
+                snprintf(tmp, sizeof(tmp), "%02x", token[i]);
+                strncat(token_str, tmp, sizeof(tmp));
+        }
+}
+void print_xsrf_token(const char *username, const char *pass,
+                      const char *formname)
+{
+        char token[33];
+        time_t xsrf_time = time(NULL);
+        get_xsrf_token(username, pass, formname, xsrf_time, token);
+        printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
+               XSRF_TOKEN, token);
+        printf("<input type=\"hidden\" name=\"%s\" value=\"%lld\">\n",
+               XSRF_TIME, (long long int)xsrf_time);
+}
+bool verify_xsrf_token(const char *formname)
+{
+        char expected[33];
+        const char *username = cgi_user_name();
+        const char *pass = cgi_user_pass();
+        const char *token = cgi_variable_nonull(XSRF_TOKEN);
+        const char *time_str = cgi_variable_nonull(XSRF_TIME);
+        time_t xsrf_time = 0;
+        time_t now = time(NULL);
+        if (sizeof(time_t) == sizeof(int)) {
+                xsrf_time = atoi(time_str);
+        } else if (sizeof(time_t) == sizeof(long)) {
+                xsrf_time = atol(time_str);
+        } else if (sizeof(time_t) == sizeof(long long)) {
+                xsrf_time = atoll(time_str);
+        }
+        if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
+                return false;
+        }
+        get_xsrf_token(username, pass, formname, xsrf_time, expected);
+        return (strncmp(expected, token, sizeof(expected)) == 0);
+}
 /****************************************************************************
 …
+{
         int full_view=0;
+        const char form_name[] = "viewconfig";
+        if (!verify_xsrf_token(form_name)) {
+                goto output_page;
+        }
         if (cgi_variable("full_view")) {
 …
+        }
+output_page:
         printf("<H2>%s</H2>\n", _("Current Config"));
         printf("<form method=post>\n");
+        print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
         if (full_view) {
 …
+{
         unsigned int parm_filter = FLAG_WIZARD;
+        const char form_name[] = "wizard_params";
         /* Here we first set and commit all the parameters that were selected
 …
         printf("<H2>%s</H2>\n", _("Wizard Parameter Edit Page"));
+        if (!verify_xsrf_token(form_name)) {
+                goto output_page;
+        }
         if (cgi_variable("Commit")) {
 …
+        }
+output_page:
         printf("<form name=\"swatform\" method=post action=wizard_params>\n");
+        print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
         if (have_write_access) {
 …
         int HomeExpo = 0;
         int SerType = 0;
+        const char form_name[] = "wizard";
+        if (!verify_xsrf_token(form_name)) {
+                goto output_page;
+        }
         if (cgi_variable("Rewrite")) {
 …
         role = lp_server_role();
+output_page:
         /* Here we go ... */
         printf("<H2>%s</H2>\n", _("Samba Configuration Wizard"));
         printf("<form method=post action=wizard>\n");
+        print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
         if (have_write_access) {
 …
         unsigned int parm_filter = FLAG_BASIC;
         int mode = 0;
+        const char form_name[] = "globals";
         printf("<H2>%s</H2>\n", _("Global Parameters"));
+        if (!verify_xsrf_token(form_name)) {
+                goto output_page;
+        }
         if (cgi_variable("Commit")) {
 …
                 mode = 1;
+output_page:
         printf("<form name=\"swatform\" method=post action=globals>\n");
+        print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
         ViewModeBoxes( mode );
 …
         unsigned int parm_filter = FLAG_BASIC;
         size_t converted_size;
+        const char form_name[] = "shares";
+        printf("<H2>%s</H2>\n", _("Share Parameters"));
+        if (!verify_xsrf_token(form_name)) {
+                goto output_page;
+        }
         if (share)
                 snum = lp_servicenumber(share);
-        printf("<H2>%s</H2>\n", _("Share Parameters"));
         if (cgi_variable("Commit") && snum >= 0) {
 …
+        }
-        printf("<FORM name=\"swatform\" method=post>\n");
-        printf("<table>\n");
         if ( cgi_variable("ViewMode") )
                 mode = atoi(cgi_variable_nonull("ViewMode"));
 …
         if ( cgi_variable("AdvMode"))
                 mode = 1;
+output_page:
+        printf("<FORM name=\"swatform\" method=post>\n");
+        print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
+        printf("<table>\n");
         ViewModeBoxes( mode );
 …
                 printf("<p>");
                 if (rslt == True) {
+                        printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
+                        printf("\n");
+                        printf("%s\n", _(" The passwd has been changed."));
                 } else {
+                        printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
+                        printf("\n");
+                        printf("%s\n", _(" The passwd has NOT been changed."));
+                }
+        }
 …
+{
         const char *new_name = cgi_user_name();
+        /*
+         * After the first time through here be nice. If the user
+         * changed the User box text to another users name, remember it.
+         */
+        if (cgi_variable(SWAT_USER)) {
+                new_name = cgi_variable_nonull(SWAT_USER);
+        }
+        const char passwd_form[] = "passwd";
+        const char rpasswd_form[] = "rpasswd";
         if (!new_name) new_name = "";
 …
         printf("<FORM name=\"swatform\" method=post>\n");
+        print_xsrf_token(cgi_user_name(), cgi_user_pass(), passwd_form);
         printf("<table>\n");
 …
          * requested. It could be this is the first time through this
          * code, so there isn't anything to do.  */
+        if ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) ||
+            (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG))) {
+        if (verify_xsrf_token(passwd_form) &&
+           ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) ||
+            (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG)))) {
                 chg_passwd();
+        }
 …
         printf("<FORM name=\"swatform\" method=post>\n");
+        print_xsrf_token(cgi_user_name(), cgi_user_pass(), rpasswd_form);
         printf("<table>\n");
 …
          * is the first time through this code, so there isn't
          * anything to do.  */
         if (cgi_variable(CHG_R_PASSWD_FLAG)) {
+        if (verify_xsrf_token(passwd_form) && cgi_variable(CHG_R_PASSWD_FLAG)) {
                 chg_passwd();
+        }
 …
         int mode = 0;
         unsigned int parm_filter = FLAG_BASIC;
+        const char form_name[] = "printers";
+        if (!verify_xsrf_token(form_name)) {
+                goto output_page;
+        }
         if (share)
                 snum = lp_servicenumber(share);
-        printf("<H2>%s</H2>\n", _("Printer Parameters"));
-        printf("<H3>%s</H3>\n", _("Important Note:"));
-        printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box "));
-        printf("%s",_("are autoloaded printers from "));
-        printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));
-        printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect."));
         if (cgi_variable("Commit") && snum >= 0) {
 …
+        }
-        printf("<FORM name=\"swatform\" method=post>\n");
         if ( cgi_variable("ViewMode") )
                 mode = atoi(cgi_variable_nonull("ViewMode"));
 …
         if ( cgi_variable("AdvMode"))
                 mode = 1;
+output_page:
+        printf("<H2>%s</H2>\n", _("Printer Parameters"));
+        printf("<H3>%s</H3>\n", _("Important Note:"));
+        printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box "));
+        printf("%s",_("are autoloaded printers from "));
+        printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));
+        printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect."));
+        printf("<FORM name=\"swatform\" method=post>\n");
+        print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
         ViewModeBoxes( mode );

vendor/current/source3/web/swat_proto.h

-              r414
+              r615
 bool am_root(void);
 char *cgi_user_name(void);
+char *cgi_user_pass(void);
 void cgi_setup(const char *rootdir, int auth_required);
 const char *cgi_baseurl(void);
 …
 const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid);
+void get_xsrf_token(const char *username, const char *pass,
+                    const char *formname, time_t xsrf_time, char token_str[33]);
+void print_xsrf_token(const char *username, const char *pass,
+                      const char *formname);
+bool verify_xsrf_token(const char *formname);
 #endif /*  _SWAT_PROTO_H_  */

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: