Context Navigation

← Previous Change
Next Change →

Changeset 745 for trunk/server/source3/web

Timestamp:

Nov 27, 2012, 4:43:17 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.0

Location:

Files:

: 7 edited

. (modified) (1 prop)
source3/web/cgi.c (modified) (15 diffs)
source3/web/diagnose.c (modified) (3 diffs)
source3/web/neg_lang.c (modified) (3 diffs)
source3/web/startstop.c (modified) (6 diffs)
source3/web/statuspage.c (modified) (10 diffs)
source3/web/swat.c (modified) (20 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/server
- Property svn:mergeinfo changed
  /vendor/current merged: 581,587,591,594,597,600,615,618,740

trunk/server/source3/web/cgi.c

-              r617
+              r745
    some simple CGI helper routines
    Copyright (C) Andrew Tridgell 1997-1998
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 …
 #include "includes.h"
+#include "system/passwd.h"
+#include "system/filesys.h"
 #include "web/swat_proto.h"
+#include "intl/lang_tdb.h"
+#include "auth.h"
 #include "secrets.h"
-#include "../lib/util/util.h"
 #define MAX_VARIABLES 10000
 …
         while ((*cl)) {
                 int c;
                 if (i == len) {
                         char *ret2;
 …
                         ret = ret2;
+                }
                 c = fgetc(f);
                 (*cl)--;
 …
                         break;
+                }
                 if (c == '\r') continue;
 …
+        }
         if (ret) {
                 ret[i] = 0;
 …
                         p = strchr_m(line,'=');
                         if (!p) continue;
                         *p = 0;
                         variables[num_variables].name = SMB_STRDUP(line);
                         variables[num_variables].value = SMB_STRDUP(p+1);
                         SAFE_FREE(line);
                         if (!variables[num_variables].name ||
                             !variables[num_variables].value)
 …
                                variables[num_variables].value);
 #endif
                         num_variables++;
                         if (num_variables == MAX_VARIABLES) break;
 …
                         p = strchr_m(tok,'=');
                         if (!p) continue;
                         *p = 0;
                         variables[num_variables].name = SMB_STRDUP(tok);
                         variables[num_variables].value = SMB_STRDUP(p+1);
 …
 #ifndef __OS2__
+        pwd = Get_Pwnam_alloc(talloc_autofree_context(), user);
+        pwd = Get_Pwnam_alloc(talloc_tos(), user);
         if (!pwd) {
                 printf("%sCannot find user %s<br>%s\n", head, user, tail);
 …
                 if (C_pass == NULL) {
                         char *tmp_pass = NULL;
+                        tmp_pass = generate_random_str(talloc_tos(), 16);
+                        tmp_pass = generate_random_password(talloc_tos(),
+, 16);
                         if (tmp_pass == NULL) {
                                 printf("%sFailed to create random nonce for "
 …
         fstring user, user_pass;
         struct passwd *pass = NULL;
+        const char *rhost;
+        char addr[INET6_ADDRSTRLEN];
         if (!strnequal(line,"Basic ", 6)) {
 …
          * Try and get the user from the UNIX password file.
          */
+        pass = Get_Pwnam_alloc(talloc_autofree_context(), user);
+        pass = Get_Pwnam_alloc(talloc_tos(), user);
+        rhost = client_name(1);
+        if (strequal(rhost,"UNKNOWN"))
+                rhost = client_addr(1, addr, sizeof(addr));
         /*
          * Validate the password they have given.
          */
+        if NT_STATUS_IS_OK(pass_check(pass, user, user_pass,
+                      strlen(user_pass), NULL, False)) {
+        if NT_STATUS_IS_OK(pass_check(pass, user, rhost, user_pass, false)) {
                 if (pass) {
                         /*
                          * Password was ok.
                          */
                         if ( initgroups(pass->pw_name, pass->pw_gid) != 0 )
                                 goto err;
                         become_user_permanently(pass->pw_uid, pass->pw_gid);
                         /* Save the users name */
                         C_user = SMB_STRDUP(user);
 …
+                }
+        }
 err:
         cgi_setup_error("401 Bad Authorization",
 …
+/* return true if the char* contains ip addrs only.  Used to avoid
+name lookup calls */
+static bool only_ipaddrs_in_list(const char **list)
+{
+        bool only_ip = true;
+        if (!list) {
+                return true;
+        }
+        for (; *list ; list++) {
+                /* factor out the special strings */
+                if (strequal(*list, "ALL") || strequal(*list, "FAIL") ||
+                    strequal(*list, "EXCEPT")) {
+                        continue;
+                }
+                if (!is_ipaddress(*list)) {
+                        /*
+                         * If we failed, make sure that it was not because
+                         * the token was a network/netmask pair. Only
+                         * network/netmask pairs have a '/' in them.
+                         */
+                        if ((strchr_m(*list, '/')) == NULL) {
+                                only_ip = false;
+                                DEBUG(3,("only_ipaddrs_in_list: list has "
+                                        "non-ip address (%s)\n",
+                                        *list));
+                                break;
+                        }
+                }
+        }
+        return only_ip;
+}
+/* return true if access should be allowed to a service for a socket */
+static bool check_access(int sock, const char **allow_list,
+                         const char **deny_list)
+{
+        bool ret = false;
+        bool only_ip = false;
+        char addr[INET6_ADDRSTRLEN];
+        if ((!deny_list || *deny_list==0) && (!allow_list || *allow_list==0)) {
+                return true;
+        }
+        /* Bypass name resolution calls if the lists
+         * only contain IP addrs */
+        if (only_ipaddrs_in_list(allow_list) &&
+            only_ipaddrs_in_list(deny_list)) {
+                only_ip = true;
+                DEBUG (3, ("check_access: no hostnames "
+                           "in host allow/deny list.\n"));
+                ret = allow_access(deny_list,
+                                   allow_list,
+                                   "",
+                                   get_peer_addr(sock,addr,sizeof(addr)));
+        } else {
+                DEBUG (3, ("check_access: hostnames in "
+                           "host allow/deny list.\n"));
+                ret = allow_access(deny_list,
+                                   allow_list,
+                                   get_peer_name(sock,true),
+                                   get_peer_addr(sock,addr,sizeof(addr)));
+        }
+        if (ret) {
+                DEBUG(2,("Allowed connection from %s (%s)\n",
+                         only_ip ? "" : get_peer_name(sock,true),
+                         get_peer_addr(sock,addr,sizeof(addr))));
+        } else {
+                DEBUG(0,("Denied connection from %s (%s)\n",
+                         only_ip ? "" : get_peer_name(sock,true),
+                         get_peer_addr(sock,addr,sizeof(addr))));
+        }
+        return(ret);
+}
 /**

trunk/server/source3/web/diagnose.c

-              r414
+              r745
    diagnosis tools for web admin
    Copyright (C) Andrew Tridgell 1998
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 …
 #include "includes.h"
 #include "web/swat_proto.h"
+#include "lib/winbind_util.h"
+#include "libsmb/libsmb.h"
 #ifdef WITH_WINBIND
 …
+{
         struct in_addr loopback_ip;
         int fd, count, flags;
+        int count;
         struct sockaddr_storage *ss_list;
         struct sockaddr_storage ss;
+        NTSTATUS status;
         loopback_ip.s_addr = htonl(INADDR_LOOPBACK);
         in_addr_to_sockaddr_storage(&ss, loopback_ip);
+        if ((fd = open_socket_in(SOCK_DGRAM, 0, 3,
+                                 &ss, True)) != -1) {
+                if ((ss_list = name_query(fd, "__SAMBA__", 0,
+                                          True, True, &ss,
+                                          &count, &flags, NULL)) != NULL) {
+                        SAFE_FREE(ss_list);
+                        close(fd);
+                        return True;
+                }
+                close (fd);
+        status = name_query("__SAMBA__", 0,
+                            True, True, &ss,
+                            talloc_tos(), &ss_list, &count,
+                            NULL);
+        if (NT_STATUS_IS_OK(status)) {
+                TALLOC_FREE(ss_list);
+                return True;
+        }

trunk/server/source3/web/neg_lang.c

-              r414
+              r745
 #include "includes.h"
 #include "web/swat_proto.h"
+#include "intl/lang_tdb.h"
 /*
 …
 };
+static int qsort_cmp_list(const void *x, const void *y) {
+        struct pri_list *a = (struct pri_list *)x;
+        struct pri_list *b = (struct pri_list *)y;
+static int qsort_cmp_list(struct pri_list *a, struct pri_list *b)
+{
         if (a->pri > b->pri) return -1;
         if (a->pri < b->pri) return 1;
 …
         TALLOC_FREE(lang_list);
         qsort(pl, lang_num, sizeof(struct pri_list), &qsort_cmp_list);
+        TYPESAFE_QSORT(pl, lang_num, qsort_cmp_list);
         /* it's not an error to not initialise - we just fall back to

trunk/server/source3/web/startstop.c

-              r454
+              r745
            is closed, therefore we use spawn() */
         SWAT_HELPER(start, smbd)
 #else
+#else
         if (fork()) {
                 return;
 …
         if (asprintf(&binfile, "%s/smbd", get_dyn_SBINDIR()) > 0) {
                 become_daemon(true, false);
+                become_daemon(true, false, false);
                 execl(binfile, binfile, "-D", NULL);
+        }
 …
            is closed, therefore we use spawn() */
         SWAT_HELPER(start, nmbd)
 #else
+#else
         if (fork()) {
                 return;
 …
         if (asprintf(&binfile, "%s/nmbd", get_dyn_SBINDIR()) > 0) {
                 become_daemon(true, false);
+                become_daemon(true, false, false);
                 execl(binfile, binfile, "-D", NULL);
+        }
 …
            is closed, therefore we use spawn() */
         SWAT_HELPER(start, winbindd)
 #else
+#else
         if (fork()) {
                 return;
 …
         if (asprintf(&binfile, "%s/winbindd", get_dyn_SBINDIR()) > 0) {
                 become_daemon(true, false);
+                become_daemon(true, false, false);
                 execl(binfile, binfile, NULL);
+        }

trunk/server/source3/web/statuspage.c

-              r617
+              r745
 #include "includes.h"
 #include "web/swat_proto.h"
+#include "libcli/security/security.h"
+#include "locking/proto.h"
 #define _(x) lang_msg_rotate(talloc_tos(),x)
 …
+{
         char           *utf8_fname;
+        char           *utf8_sharepath;
         int deny_mode;
         size_t converted_size;
 …
         push_utf8_talloc(talloc_tos(), &utf8_fname, fname, &converted_size);
+        printf("<td>%s</td><td>%s</td></tr>\n",
+               utf8_fname,tstring(talloc_tos(),e->time.tv_sec));
+        push_utf8_talloc(talloc_tos(), &utf8_sharepath, sharepath,
+                         &converted_size);
+        printf("<td>%s</td><td>%s</td><td>%s</td></tr>\n",
+               utf8_sharepath,utf8_fname,tstring(talloc_tos(),e->time.tv_sec));
         TALLOC_FREE(utf8_fname);
+}
 …
 /* kill off any connections chosen by the user */
+static int traverse_fn1(struct db_record *rec,
+                        const struct connections_key *key,
+static int traverse_fn1(const struct connections_key *key,
                         const struct connections_data *crec,
                         void *private_data)
 …
 /* traversal fn for showing machine connections */
+static int traverse_fn2(struct db_record *rec,
+                        const struct connections_key *key,
+static int traverse_fn2(const struct connections_key *key,
                         const struct connections_data *crec,
                         void *private_data)
 …
 /* traversal fn for showing share connections */
+static int traverse_fn3(struct db_record *rec,
+                        const struct connections_key *key,
+static int traverse_fn3(const struct connections_key *key,
                         const struct connections_data *crec,
                         void *private_data)
 …
+        }
         connections_forall(traverse_fn1, NULL);
+        connections_forall_read(traverse_fn1, NULL);
         initPid2Machine ();
 …
         printf("</tr>\n");
         connections_forall(traverse_fn2, NULL);
+        connections_forall_read(traverse_fn2, NULL);
         printf("</table><p>\n");
 …
                 _("Share"), _("User"), _("Group"), _("PID"), _("Client"), _("Date"));
         connections_forall(traverse_fn3, NULL);
+        connections_forall_read(traverse_fn3, NULL);
         printf("</table><p>\n");
 …
         printf("<h3>%s</h3>\n", _("Open Files"));
         printf("<table border=1>\n");
         printf("<tr><th>%s</th><th>%s</th><th>%s</th><th>%s</th><th>%s</th><th>%s</th><th>%s</th></tr>\n",
                 _("PID"), _("UID"), _("Sharing"), _("R/W"), _("Oplock"), _("File"), _("Date"));
+        printf("<tr><th>%s</th><th>%s</th><th>%s</th><th>%s</th><th>%s</th><th>%s</th><th>%s</th><th>%s</th></tr>\n",
+                _("PID"), _("UID"), _("Sharing"), _("R/W"), _("Oplock"), _("Share"), _("File"), _("Date"));
         locking_init_readonly();

trunk/server/source3/web/swat.c

-              r617
+              r745
    Copyright (C) Andrew Tridgell 1997-2002
    Copyright (C) John H Terpstra 2002
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 …
 #include "includes.h"
+#include "system/filesys.h"
+#include "popt_common.h"
 #include "web/swat_proto.h"
+#include "printing/pcap.h"
+#include "printing/load.h"
+#include "passdb.h"
+#include "intl/lang_tdb.h"
 #include "../lib/crypto/md5.h"
 …
         while (*str) {
                 if (*str != ' ') *p++ = toupper_ascii(*str);
+                if (*str != ' ') *p++ = toupper_m(*str);
                 ++str;
+        }
 …
                 snprintf(tmp, sizeof(tmp), "%02x", token[i]);
                 strncat(token_str, tmp, sizeof(tmp));
+                strlcat(token_str, tmp, sizeof(tmp));
+        }
+}
 …
         const char *token = cgi_variable_nonull(XSRF_TOKEN);
         const char *time_str = cgi_variable_nonull(XSRF_TIME);
+        char *p = NULL;
+        long long xsrf_time_ll = 0;
         time_t xsrf_time = 0;
         time_t now = time(NULL);
+        if (sizeof(time_t) == sizeof(int)) {
+                xsrf_time = atoi(time_str);
+        } else if (sizeof(time_t) == sizeof(long)) {
+                xsrf_time = atol(time_str);
+        } else if (sizeof(time_t) == sizeof(long long)) {
+                xsrf_time = atoll(time_str);
+        }
+        errno = 0;
+        xsrf_time_ll = strtoll(time_str, &p, 10);
+        if (errno != 0) {
+                return false;
+        }
+        if (p == NULL) {
+                return false;
+        }
+        if (PTR_DIFF(p, time_str) > strlen(time_str)) {
+                return false;
+        }
+        if (xsrf_time_ll > _TYPE_MAXIMUM(time_t)) {
+                return false;
+        }
+        if (xsrf_time_ll < _TYPE_MINIMUM(time_t)) {
+                return false;
+        }
+        xsrf_time = xsrf_time_ll;
         if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
 …
                 if ((parm_filter & FLAG_WIZARD) && !(parm->flags & FLAG_WIZARD)) continue;
                 if ((parm_filter & FLAG_ADVANCED) && !(parm->flags & FLAG_ADVANCED)) continue;
                 if (heading && heading != last_heading) {
                         printf("<tr><td></td></tr><tr><td><b><u>%s</u></b></td></tr>\n", _(heading));
 …
         fprintf(f, "# from %s (%s)\n", cgi_remote_host(), cgi_remote_addr());
         fprintf(f, "# Date: %s\n\n", current_timestring(ctx, False));
         lp_dump(f, show_defaults, iNumNonAutoPrintServices);
 …
+        }
         iNumNonAutoPrintServices = lp_numservices();
+        pcap_cache_reload(&load_printers);
+        if (pcap_cache_loaded()) {
+                load_printers(server_event_context(),
+                              server_messaging_context());
+        }
         return 1;
 …
+{
         char *p;
         if ((p = cgi_user_name()) && strcmp(p, "root")) {
                 printf(_("Logged in as <b>%s</b>"), p);
 …
         printf("<input type=reset name=\"Reset Values\" value=\"Reset\">\n");
         printf("<p>\n");
         printf("<table>\n");
         show_parameters(GLOBAL_SECTION_SNUM, 1, parm_filter, 0);
 …
                 /* Plain text passwords are too badly broken - use encrypted passwords only */
                 lp_do_parameter( GLOBAL_SECTION_SNUM, "encrypt passwords", "Yes");
                 switch ( SerType ){
                         case 0:
 …
                 for(i = 0; wins_servers[i]; i++) printf("%s ", wins_servers[i]);
+        }
         printf("\"></td></tr>\n");
         if (winstype == 3) {
 …
         printf("<td><input type=radio name=\"HomeExpo\" value=\"0\" %s> No</td>", (have_home == -1 ) ? "checked" : "");
         printf("<td></td></tr>\n");
         /* Enable this when we are ready ....
          * printf("<tr><td><b>%s:&nbsp;</b></td>\n", _("Is Print Server"));
 …
          * printf("<td></td></tr>\n");
          */
         printf("</table></center>");
         printf("<hr>");
 …
                 return False;
+        }
         if (remote_machine != NULL) {
                 ret = remote_password_change(remote_machine, user_name,
 …
                 return False;
+        }
         ret = local_password_change(user_name, local_flags, new_passwd,
                                         &err_str, &msg_str);
 …
         local_flags |= (cgi_variable(ENABLE_USER_FLAG) ? LOCAL_ENABLE_USER : 0);
         local_flags |= (cgi_variable(DISABLE_USER_FLAG) ? LOCAL_DISABLE_USER : 0);
         rslt = change_password(host,
 …
+                }
+        }
         return;
+}
 …
         BlockSignals(True,SIGPIPE);
+        dbf = x_fopen("/dev/null", O_WRONLY, 0);
+        if (!dbf) dbf = x_stderr;
+        debug_set_logfile("/dev/null");
         /* we don't want stderr screwing us up */
         close(2);
         open("/dev/null", O_WRONLY);
+        setup_logging("swat", DEBUG_FILE);
+        load_case_tables();
         pc = poptGetContext("swat", argc, (const char **) argv, long_options, 0);
 …
         poptFreeContext(pc);
+        load_case_tables();
+        setup_logging(argv[0],False);
+        /* This should set a more apporiate log file */
         load_config(True);
+        reopen_logs();
         load_interfaces();
         iNumNonAutoPrintServices = lp_numservices();
+        pcap_cache_reload(&load_printers);
+        if (pcap_cache_loaded()) {
+                load_printers(server_event_context(),
+                              server_messaging_context());
+        }
 #ifndef __OS2__
         cgi_setup(get_dyn_SWATDIR(), !demo_mode);
+#else
+#else
 #if 0
         debug_set_logfile("swat.log"); // this produces a logfile in the dir where swat.exe is located.
 #endif
         fstring path;
         fstrcpy(path, getcwd(NULL, _MAX_PATH));

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: