Context Navigation

← Previous Change
Next Change →

cgi.c

Timestamp:

Nov 14, 2012, 12:59:34 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to 3.6.0

File:

: 1 edited

vendor/current/source3/web/cgi.c (modified) (15 diffs)

Legend:

: Unmodified
: Added
: Removed

vendor/current/source3/web/cgi.c

-              r615
+              r740
    some simple CGI helper routines
    Copyright (C) Andrew Tridgell 1997-1998
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 …
 #include "includes.h"
+#include "system/passwd.h"
+#include "system/filesys.h"
 #include "web/swat_proto.h"
+#include "intl/lang_tdb.h"
+#include "auth.h"
 #include "secrets.h"
-#include "../lib/util/util.h"
 #define MAX_VARIABLES 10000
 …
         while ((*cl)) {
                 int c;
                 if (i == len) {
                         char *ret2;
 …
                         ret = ret2;
+                }
                 c = fgetc(f);
                 (*cl)--;
 …
                         break;
+                }
                 if (c == '\r') continue;
 …
+        }
         if (ret) {
                 ret[i] = 0;
 …
                         p = strchr_m(line,'=');
                         if (!p) continue;
                         *p = 0;
                         variables[num_variables].name = SMB_STRDUP(line);
                         variables[num_variables].value = SMB_STRDUP(p+1);
                         SAFE_FREE(line);
                         if (!variables[num_variables].name ||
                             !variables[num_variables].value)
 …
                                variables[num_variables].value);
 #endif
                         num_variables++;
                         if (num_variables == MAX_VARIABLES) break;
 …
                         p = strchr_m(tok,'=');
                         if (!p) continue;
                         *p = 0;
                         variables[num_variables].name = SMB_STRDUP(tok);
                         variables[num_variables].value = SMB_STRDUP(p+1);
 …
+        }
         pwd = Get_Pwnam_alloc(talloc_autofree_context(), user);
+        pwd = Get_Pwnam_alloc(talloc_tos(), user);
         if (!pwd) {
                 printf("%sCannot find user %s<br>%s\n", head, user, tail);
 …
                 if (C_pass == NULL) {
                         char *tmp_pass = NULL;
+                        tmp_pass = generate_random_str(talloc_tos(), 16);
+                        tmp_pass = generate_random_password(talloc_tos(),
+, 16);
                         if (tmp_pass == NULL) {
                                 printf("%sFailed to create random nonce for "
 …
         fstring user, user_pass;
         struct passwd *pass = NULL;
+        const char *rhost;
+        char addr[INET6_ADDRSTRLEN];
         if (!strnequal(line,"Basic ", 6)) {
 …
          * Try and get the user from the UNIX password file.
          */
+        pass = Get_Pwnam_alloc(talloc_autofree_context(), user);
+        pass = Get_Pwnam_alloc(talloc_tos(), user);
+        rhost = client_name(1);
+        if (strequal(rhost,"UNKNOWN"))
+                rhost = client_addr(1, addr, sizeof(addr));
         /*
          * Validate the password they have given.
          */
+        if NT_STATUS_IS_OK(pass_check(pass, user, user_pass,
+                      strlen(user_pass), NULL, False)) {
+        if NT_STATUS_IS_OK(pass_check(pass, user, rhost, user_pass, false)) {
                 if (pass) {
                         /*
                          * Password was ok.
                          */
                         if ( initgroups(pass->pw_name, pass->pw_gid) != 0 )
                                 goto err;
                         become_user_permanently(pass->pw_uid, pass->pw_gid);
                         /* Save the users name */
                         C_user = SMB_STRDUP(user);
 …
+                }
+        }
 err:
         cgi_setup_error("401 Bad Authorization",
 …
+/* return true if the char* contains ip addrs only.  Used to avoid
+name lookup calls */
+static bool only_ipaddrs_in_list(const char **list)
+{
+        bool only_ip = true;
+        if (!list) {
+                return true;
+        }
+        for (; *list ; list++) {
+                /* factor out the special strings */
+                if (strequal(*list, "ALL") || strequal(*list, "FAIL") ||
+                    strequal(*list, "EXCEPT")) {
+                        continue;
+                }
+                if (!is_ipaddress(*list)) {
+                        /*
+                         * If we failed, make sure that it was not because
+                         * the token was a network/netmask pair. Only
+                         * network/netmask pairs have a '/' in them.
+                         */
+                        if ((strchr_m(*list, '/')) == NULL) {
+                                only_ip = false;
+                                DEBUG(3,("only_ipaddrs_in_list: list has "
+                                        "non-ip address (%s)\n",
+                                        *list));
+                                break;
+                        }
+                }
+        }
+        return only_ip;
+}
+/* return true if access should be allowed to a service for a socket */
+static bool check_access(int sock, const char **allow_list,
+                         const char **deny_list)
+{
+        bool ret = false;
+        bool only_ip = false;
+        char addr[INET6_ADDRSTRLEN];
+        if ((!deny_list || *deny_list==0) && (!allow_list || *allow_list==0)) {
+                return true;
+        }
+        /* Bypass name resolution calls if the lists
+         * only contain IP addrs */
+        if (only_ipaddrs_in_list(allow_list) &&
+            only_ipaddrs_in_list(deny_list)) {
+                only_ip = true;
+                DEBUG (3, ("check_access: no hostnames "
+                           "in host allow/deny list.\n"));
+                ret = allow_access(deny_list,
+                                   allow_list,
+                                   "",
+                                   get_peer_addr(sock,addr,sizeof(addr)));
+        } else {
+                DEBUG (3, ("check_access: hostnames in "
+                           "host allow/deny list.\n"));
+                ret = allow_access(deny_list,
+                                   allow_list,
+                                   get_peer_name(sock,true),
+                                   get_peer_addr(sock,addr,sizeof(addr)));
+        }
+        if (ret) {
+                DEBUG(2,("Allowed connection from %s (%s)\n",
+                         only_ip ? "" : get_peer_name(sock,true),
+                         get_peer_addr(sock,addr,sizeof(addr))));
+        } else {
+                DEBUG(0,("Denied connection from %s (%s)\n",
+                         only_ip ? "" : get_peer_name(sock,true),
+                         get_peer_addr(sock,addr,sizeof(addr))));
+        }
+        return(ret);
+}
 /**

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 740 for vendor/current/source3/web/cgi.c

Legend:

vendor/current/source3/web/cgi.c

Download in other formats: