Changeset 615 for vendor/current/source3/web/swat.c
- Timestamp:
- Jul 28, 2011, 4:21:02 PM (14 years ago)
- File:
-
- 1 edited
vendor/current/source3/web/swat.c
r597 r615 30 30 #include "includes.h" 31 31 #include "web/swat_proto.h" 32 #include "../lib/crypto/md5.h" 32 33 33 34 static int demo_mode = False; … … 51 52 #define ENABLE_USER_FLAG "enable_user_flag" 52 53 #define RHOST "remote_host" 54 #define XSRF_TOKEN "xsrf" 55 #define XSRF_TIME "xsrf_time" 56 #define XSRF_TIMEOUT 300 53 57 54 58 #define _(x) lang_msg_rotate(talloc_tos(),x) … … 138 142 return parmname; 139 143 } 144 145 void get_xsrf_token(const char *username, const char *pass, 146 const char *formname, time_t xsrf_time, char token_str[33]) 147 { 148 struct MD5Context md5_ctx; 149 uint8_t token[16]; 150 int i; 151 152 token_str[0] = '\0'; 153 ZERO_STRUCT(md5_ctx); 154 MD5Init(&md5_ctx); 155 156 MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname)); 157 MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(time_t)); 158 if (username != NULL) { 159 MD5Update(&md5_ctx, (uint8_t *)username, strlen(username)); 160 } 161 if (pass != NULL) { 162 MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass)); 163 } 164 165 MD5Final(token, &md5_ctx); 166 167 for(i = 0; i < sizeof(token); i++) { 168 char tmp[3]; 169 170 snprintf(tmp, sizeof(tmp), "%02x", token[i]); 171 strncat(token_str, tmp, sizeof(tmp)); 172 } 173 } 174 175 void print_xsrf_token(const char *username, const char *pass, 176 const char *formname) 177 { 178 char token[33]; 179 time_t xsrf_time = time(NULL); 180 181 get_xsrf_token(username, pass, formname, xsrf_time, token); 182 printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n", 183 XSRF_TOKEN, token); 184 printf("<input type=\"hidden\" name=\"%s\" value=\"%lld\">\n", 185 XSRF_TIME, (long long int)xsrf_time); 186 } 187 188 bool verify_xsrf_token(const char *formname) 189 { 190 char expected[33]; 191 const char *username = cgi_user_name(); 192 const char *pass = cgi_user_pass(); 193 const char *token = cgi_variable_nonull(XSRF_TOKEN); 194 const char *time_str = cgi_variable_nonull(XSRF_TIME); 195 time_t xsrf_time = 0; 196 time_t now = time(NULL); 197 198 
if (sizeof(time_t) == sizeof(int)) { 199 xsrf_time = atoi(time_str); 200 } else if (sizeof(time_t) == sizeof(long)) { 201 xsrf_time = atol(time_str); 202 } else if (sizeof(time_t) == sizeof(long long)) { 203 xsrf_time = atoll(time_str); 204 } 205 206 if (abs(now - xsrf_time) > XSRF_TIMEOUT) { 207 return false; 208 } 209 210 get_xsrf_token(username, pass, formname, xsrf_time, expected); 211 return (strncmp(expected, token, sizeof(expected)) == 0); 212 } 213 140 214 141 215 /**************************************************************************** … … 612 686 { 613 687 int full_view=0; 688 const char form_name[] = "viewconfig"; 689 690 if (!verify_xsrf_token(form_name)) { 691 goto output_page; 692 } 614 693 615 694 if (cgi_variable("full_view")) { … … 617 696 } 618 697 698 output_page: 619 699 printf("<H2>%s</H2>\n", _("Current Config")); 620 700 printf("<form method=post>\n"); 701 print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); 621 702 622 703 if (full_view) { … … 638 719 { 639 720 unsigned int parm_filter = FLAG_WIZARD; 721 const char form_name[] = "wizard_params"; 640 722 641 723 /* Here we first set and commit all the parameters that were selected … … 643 725 644 726 printf("<H2>%s</H2>\n", _("Wizard Parameter Edit Page")); 727 728 if (!verify_xsrf_token(form_name)) { 729 goto output_page; 730 } 645 731 646 732 if (cgi_variable("Commit")) { … … 649 735 } 650 736 737 output_page: 651 738 printf("<form name=\"swatform\" method=post action=wizard_params>\n"); 739 print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); 652 740 653 741 if (have_write_access) { … … 685 773 int HomeExpo = 0; 686 774 int SerType = 0; 775 const char form_name[] = "wizard"; 776 777 if (!verify_xsrf_token(form_name)) { 778 goto output_page; 779 } 687 780 688 781 if (cgi_variable("Rewrite")) { … … 775 868 776 869 role = lp_server_role(); 777 870 871 output_page: 778 872 /* Here we go ... 
*/ 779 873 printf("<H2>%s</H2>\n", _("Samba Configuration Wizard")); 780 874 printf("<form method=post action=wizard>\n"); 875 print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); 781 876 782 877 if (have_write_access) { … … 847 942 unsigned int parm_filter = FLAG_BASIC; 848 943 int mode = 0; 944 const char form_name[] = "globals"; 849 945 850 946 printf("<H2>%s</H2>\n", _("Global Parameters")); 947 948 if (!verify_xsrf_token(form_name)) { 949 goto output_page; 950 } 851 951 852 952 if (cgi_variable("Commit")) { … … 862 962 mode = 1; 863 963 964 output_page: 864 965 printf("<form name=\"swatform\" method=post action=globals>\n"); 966 print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); 865 967 866 968 ViewModeBoxes( mode ); … … 902 1004 unsigned int parm_filter = FLAG_BASIC; 903 1005 size_t converted_size; 1006 const char form_name[] = "shares"; 1007 1008 printf("<H2>%s</H2>\n", _("Share Parameters")); 1009 1010 if (!verify_xsrf_token(form_name)) { 1011 goto output_page; 1012 } 904 1013 905 1014 if (share) 906 1015 snum = lp_servicenumber(share); 907 1016 908 printf("<H2>%s</H2>\n", _("Share Parameters"));909 1017 910 1018 if (cgi_variable("Commit") && snum >= 0) { … … 932 1040 } 933 1041 934 printf("<FORM name=\"swatform\" method=post>\n");935 936 printf("<table>\n");937 938 1042 if ( cgi_variable("ViewMode") ) 939 1043 mode = atoi(cgi_variable_nonull("ViewMode")); … … 942 1046 if ( cgi_variable("AdvMode")) 943 1047 mode = 1; 1048 1049 output_page: 1050 printf("<FORM name=\"swatform\" method=post>\n"); 1051 print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); 1052 1053 printf("<table>\n"); 944 1054 945 1055 ViewModeBoxes( mode ); … … 1122 1232 printf("<p>"); 1123 1233 if (rslt == True) { 1124 printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER)); 1125 printf("\n"); 1234 printf("%s\n", _(" The passwd has been changed.")); 1126 1235 } else { 1127 printf(_(" The passwd for '%s' has NOT been changed."), 
cgi_variable_nonull(SWAT_USER)); 1128 printf("\n"); 1236 printf("%s\n", _(" The passwd has NOT been changed.")); 1129 1237 } 1130 1238 } … … 1139 1247 { 1140 1248 const char *new_name = cgi_user_name(); 1141 1142 /* 1143 * After the first time through here be nice. If the user 1144 * changed the User box text to another users name, remember it. 1145 */ 1146 if (cgi_variable(SWAT_USER)) { 1147 new_name = cgi_variable_nonull(SWAT_USER); 1148 } 1249 const char passwd_form[] = "passwd"; 1250 const char rpasswd_form[] = "rpasswd"; 1149 1251 1150 1252 if (!new_name) new_name = ""; … … 1153 1255 1154 1256 printf("<FORM name=\"swatform\" method=post>\n"); 1257 print_xsrf_token(cgi_user_name(), cgi_user_pass(), passwd_form); 1155 1258 1156 1259 printf("<table>\n"); … … 1192 1295 * requested. It could be this is the first time through this 1193 1296 * code, so there isn't anything to do. */ 1194 if ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) || 1195 (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG))) { 1297 if (verify_xsrf_token(passwd_form) && 1298 ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) || 1299 (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG)))) { 1196 1300 chg_passwd(); 1197 1301 } … … 1200 1304 1201 1305 printf("<FORM name=\"swatform\" method=post>\n"); 1306 print_xsrf_token(cgi_user_name(), cgi_user_pass(), rpasswd_form); 1202 1307 1203 1308 printf("<table>\n"); … … 1232 1337 * is the first time through this code, so there isn't 1233 1338 * anything to do. 
*/ 1234 if ( cgi_variable(CHG_R_PASSWD_FLAG)) {1339 if (verify_xsrf_token(passwd_form) && cgi_variable(CHG_R_PASSWD_FLAG)) { 1235 1340 chg_passwd(); 1236 1341 } … … 1249 1354 int mode = 0; 1250 1355 unsigned int parm_filter = FLAG_BASIC; 1356 const char form_name[] = "printers"; 1357 1358 if (!verify_xsrf_token(form_name)) { 1359 goto output_page; 1360 } 1251 1361 1252 1362 if (share) 1253 1363 snum = lp_servicenumber(share); 1254 1255 printf("<H2>%s</H2>\n", _("Printer Parameters"));1256 1257 printf("<H3>%s</H3>\n", _("Important Note:"));1258 printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box "));1259 printf("%s",_("are autoloaded printers from "));1260 printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));1261 printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect."));1262 1364 1263 1365 if (cgi_variable("Commit") && snum >= 0) { … … 1289 1391 } 1290 1392 1291 printf("<FORM name=\"swatform\" method=post>\n");1292 1293 1393 if ( cgi_variable("ViewMode") ) 1294 1394 mode = atoi(cgi_variable_nonull("ViewMode")); … … 1297 1397 if ( cgi_variable("AdvMode")) 1298 1398 mode = 1; 1399 1400 output_page: 1401 printf("<H2>%s</H2>\n", _("Printer Parameters")); 1402 1403 printf("<H3>%s</H3>\n", _("Important Note:")); 1404 printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box ")); 1405 printf("%s",_("are autoloaded printers from ")); 1406 printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name")); 1407 printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect.")); 1408 1409 1410 printf("<FORM name=\"swatform\" method=post>\n"); 1411 print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); 1299 1412 1300 1413 ViewModeBoxes( mode );
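Review bot: The remote-password form is checked against the wrong form name: new line 1306 emits the hidden token with `rpasswd_form`, but the guard at new line 1339 calls `verify_xsrf_token(passwd_form)`, and because the form name is folded into the MD5 the expected digest can never equal the submitted one, so the CHG_R_PASSWD_FLAG branch is unreachable after this change; it should read `if (verify_xsrf_token(rpasswd_form) && cgi_variable(CHG_R_PASSWD_FLAG)) {`. Two smaller points in verify_xsrf_token (new lines 206 and 211): `abs(now - xsrf_time)` narrows a time_t difference to int, so an out-of-range submitted xsrf_time can be truncated and slip past the timeout test (only the digest check stops it), and is clearer as `if (now - xsrf_time > XSRF_TIMEOUT || xsrf_time - now > XSRF_TIMEOUT)`; and the final `strncmp` of the two hex digests is not constant-time, so a fixed-time byte comparison would be preferable for a credential-derived token. The function containing the rpasswd check starts before and ends after the hunk shown here.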