git.samba.org / samba.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
s3 swat: Add XSRF protection to viewconfig page
[samba.git] / source3 / web / swat.c
diff --git a/source3/web/swat.c b/source3/web/swat.c
index 27c4b54e2fd1a6e7a6b80b1850278b3606118f59..430c76ed6ad0b1ac51f393d2f1aa40e16b13cfc2 100644 (file)
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -29,6 +29,7 @@
 
 #include "includes.h"
 #include "web/swat_proto.h"
+#include "../lib/crypto/md5.h"
 
 static int demo_mode = False;
 static int passwd_only = False;
@@ -50,6 +51,7 @@ static int iNumNonAutoPrintServices = 0;
 #define DISABLE_USER_FLAG "disable_user_flag"
 #define ENABLE_USER_FLAG "enable_user_flag"
 #define RHOST "remote_host"
+#define XSRF_TOKEN "xsrf"
 
 #define _(x) lang_msg_rotate(talloc_tos(),x)
 
@@ -138,6 +140,58 @@ static char *make_parm_name(const char *label)
        return parmname;
 }
 
+void get_xsrf_token(const char *username, const char *pass,
+                   const char *formname, char token_str[33])
+{
+       struct MD5Context md5_ctx;
+       uint8_t token[16];
+       int i;
+
+       token_str[0] = '\0';
+       ZERO_STRUCT(md5_ctx);
+       MD5Init(&md5_ctx);
+
+       MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
+       if (username != NULL) {
+               MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
+       }
+       if (pass != NULL) {
+               MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
+       }
+
+       MD5Final(token, &md5_ctx);
+
+       for(i = 0; i < sizeof(token); i++) {
+               char tmp[3];
+
+               snprintf(tmp, sizeof(tmp), "%02x", token[i]);
+               strncat(token_str, tmp, sizeof(tmp));
+       }
+}
+
+void print_xsrf_token(const char *username, const char *pass,
+                     const char *formname)
+{
+       char token[33];
+
+       get_xsrf_token(username, pass, formname, token);
+       printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
+              XSRF_TOKEN, token);
+
+}
+
+bool verify_xsrf_token(const char *formname)
+{
+       char expected[33];
+       const char *username = cgi_user_name();
+       const char *pass = cgi_user_pass();
+       const char *token = cgi_variable_nonull(XSRF_TOKEN);
+
+       get_xsrf_token(username, pass, formname, expected);
+       return (strncmp(expected, token, sizeof(expected)) == 0);
+}
+
+
 /****************************************************************************
   include a lump of html in a page 
 ****************************************************************************/
@@ -156,7 +210,9 @@ static int include_html(const char *fname)
        }
 
        while ((ret = read(fd, buf, sizeof(buf))) > 0) {
-               write(1, buf, ret);
+               if (write(1, buf, ret) == -1) {
+                       break;
+               }
        }
 
        close(fd);
@@ -232,7 +288,7 @@ static void show_parameter(int snum, struct parm_struct *parm)
        TALLOC_CTX *ctx = talloc_stackframe();
 
        if (parm->p_class == P_LOCAL && snum >= 0) {
-               ptr = lp_local_ptr(snum, ptr);
+               ptr = lp_local_ptr_by_snum(snum, ptr);
        }
 
        printf("<tr><td>%s</td><td>", get_parm_translated(ctx,
@@ -375,7 +431,7 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte
                                        void *ptr = parm->ptr;
 
                                if (parm->p_class == P_LOCAL && snum >= 0) {
-                                       ptr = lp_local_ptr(snum, ptr);
+                                       ptr = lp_local_ptr_by_snum(snum, ptr);
                                }
 
                                switch (parm->type) {
@@ -476,7 +532,7 @@ static int save_reload(int snum)
        }
 
        write_config(f, False);
-       if (snum)
+       if (snum >= 0)
                lp_dump_one(f, False, snum);
        fclose(f);
 
@@ -609,13 +665,20 @@ static void welcome_page(void)
 static void viewconfig_page(void)
 {
        int full_view=0;
+       const char form_name[] = "viewconfig";
+
+       if (!verify_xsrf_token(form_name)) {
+               goto output_page;
+       }
 
        if (cgi_variable("full_view")) {
                full_view = 1;
        }
 
+output_page:
        printf("<H2>%s</H2>\n", _("Current Config"));
        printf("<form method=post>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
 
        if (full_view) {
                printf("<input type=submit name=\"normal_view\" value=\"%s\">\n", _("Normal View"));
@@ -1119,11 +1182,9 @@ static void chg_passwd(void)
        if(cgi_variable(CHG_S_PASSWD_FLAG)) {
                printf("<p>");
                if (rslt == True) {
-                       printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
-                       printf("\n");
+                       printf("%s\n", _(" The passwd has been changed."));
                } else {
-                       printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
-                       printf("\n");
+                       printf("%s\n", _(" The passwd for has NOT been changed."));
                }
        }
        
@@ -1137,14 +1198,6 @@ static void passwd_page(void)
 {
        const char *new_name = cgi_user_name();
 
-       /* 
-        * After the first time through here be nice. If the user
-        * changed the User box text to another users name, remember it.
-        */
-       if (cgi_variable(SWAT_USER)) {
-               new_name = cgi_variable_nonull(SWAT_USER);
-       } 
-
        if (!new_name) new_name = "";
 
        printf("<H2>%s</H2>\n", _("Server Password Management"));
@@ -1253,8 +1306,8 @@ static void printers_page(void)
         printf("<H2>%s</H2>\n", _("Printer Parameters"));
  
         printf("<H3>%s</H3>\n", _("Important Note:"));
-        printf(_("Printer names marked with [*] in the Choose Printer drop-down box "));
-        printf(_("are autoloaded printers from "));
+        printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box "));
+        printf("%s",_("are autoloaded printers from "));
         printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));
         printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect."));
 
Samba Shared Repository