Changeset 774 for branches/samba-3.5.x/source3/web

Timestamp:

Jul 2, 2013, 8:03:46 PM (12 years ago)

Author:

Herwig Bauernfeind

Message:

Samba Server 3.5: Update branch to 3.5.21

Location:

branches/samba-3.5.x/source3/web

Files:

• cgi.c (modified) (3 diffs)
• swat.c (modified) (3 diffs)
• swat_proto.h (modified) (1 diff)

branches/samba-3.5.x/source3/web/cgi.c

@@ -46 +46 @@
 static char *C_user;
 static char *C_pass;
+static char *C_nonce;
 static bool inetd_server;
 static bool got_request;
@@ -329 +330 @@
 
         if (!setuid(0)) {
-                C_pass = secrets_fetch_generic("root", "SWAT");
-                if (C_pass == NULL) {
-                        char *tmp_pass = NULL;
-                        tmp_pass = generate_random_str(talloc_tos(), 16);
-                        if (tmp_pass == NULL) {
-                                printf("%sFailed to create random nonce for "
-                                       "SWAT session\n<br>%s\n", head, tail);
-                                exit(0);
-                        }
-                        secrets_store_generic("root", "SWAT", tmp_pass);
-                        C_pass = SMB_STRDUP(tmp_pass);
-                        TALLOC_FREE(tmp_pass);
-                }
+                C_pass = SMB_STRDUP(cgi_nonce());
         }
         setuid(pwd->pw_uid);
@@ -453 +442 @@
         return(C_pass);
 }
+
+/***************************************************************************
+return a ptr to the nonce
+  ***************************************************************************/
+char *cgi_nonce(void)
+{
+        const char *head = "Content-Type: text/html\r\n\r\n<HTML><BODY><H1>SWAT installation Error</H1>\n";
+        const char *tail = "</BODY></HTML>\r\n";
+        C_nonce = secrets_fetch_generic("root", "SWAT");
+        if (C_nonce == NULL) {
+                char *tmp_pass = NULL;
+                tmp_pass = generate_random_str(talloc_tos(), 16);
+                if (tmp_pass == NULL) {
+                        printf("%sFailed to create random nonce for "
+                               "SWAT session\n<br>%s\n", head, tail);
+                        exit(0);
+                }
+                secrets_store_generic("root", "SWAT", tmp_pass);
+                C_nonce = SMB_STRDUP(tmp_pass);
+                TALLOC_FREE(tmp_pass);
+        }
+        return(C_nonce);
+}
+
 
 /***************************************************************************

branches/samba-3.5.x/source3/web/swat.c

@@ -149 +149 @@
         uint8_t token[16];
         int i;
+        char *nonce = cgi_nonce();
 
         token_str[0] = '\0';
@@ -162 +163 @@
                 MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
         }
+        MD5Update(&md5_ctx, (uint8_t *)nonce, strlen(nonce));
 
         MD5Final(token, &md5_ctx);
@@ -261 +263 @@
                 printf("Expires: 0\r\n");
         }
-        printf("Content-type: text/html\r\n\r\n");
+        printf("Content-type: text/html\r\n");
+        printf("X-Frame-Options: DENY\r\n\r\n");
 
         if (!include_html("include/header.html")) {

branches/samba-3.5.x/source3/web/swat_proto.h

@@ -33 +33 @@
 char *cgi_user_name(void);
 char *cgi_user_pass(void);
+char *cgi_nonce(void);
 void cgi_setup(const char *rootdir, int auth_required);
 const char *cgi_baseurl(void);