s3 swat: Add XSRF protection to printer page

[samba.git] / source3 / web / swat.c

diff --git a/source3/web/swat.c b/source3/web/swat.c
index 373ab73127ef8047c52ace0e9f201f0bb4fd7908..bf714c5348dd975baed0d4ffe180c936b9eb6721 100644 (file)
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -29,6 +29,7 @@
 
 #include "includes.h"
 #include "web/swat_proto.h"
+#include "../lib/crypto/md5.h"
 
 static int demo_mode = False;
 static int passwd_only = False;
@@ -50,6 +51,7 @@ static int iNumNonAutoPrintServices = 0;
 #define DISABLE_USER_FLAG "disable_user_flag"
 #define ENABLE_USER_FLAG "enable_user_flag"
 #define RHOST "remote_host"
+#define XSRF_TOKEN "xsrf"
 
 #define _(x) lang_msg_rotate(talloc_tos(),x)
 
@@ -138,6 +140,58 @@ static char *make_parm_name(const char *label)
        return parmname;
 }
 
+void get_xsrf_token(const char *username, const char *pass,
+                   const char *formname, char token_str[33])
+{
+       struct MD5Context md5_ctx;
+       uint8_t token[16];
+       int i;
+
+       token_str[0] = '\0';
+       ZERO_STRUCT(md5_ctx);
+       MD5Init(&md5_ctx);
+
+       MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
+       if (username != NULL) {
+               MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
+       }
+       if (pass != NULL) {
+               MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
+       }
+
+       MD5Final(token, &md5_ctx);
+
+       for(i = 0; i < sizeof(token); i++) {
+               char tmp[3];
+
+               snprintf(tmp, sizeof(tmp), "%02x", token[i]);
+               strncat(token_str, tmp, sizeof(tmp));
+       }
+}
+
+void print_xsrf_token(const char *username, const char *pass,
+                     const char *formname)
+{
+       char token[33];
+
+       get_xsrf_token(username, pass, formname, token);
+       printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
+              XSRF_TOKEN, token);
+
+}
+
+bool verify_xsrf_token(const char *formname)
+{
+       char expected[33];
+       const char *username = cgi_user_name();
+       const char *pass = cgi_user_pass();
+       const char *token = cgi_variable_nonull(XSRF_TOKEN);
+
+       get_xsrf_token(username, pass, formname, expected);
+       return (strncmp(expected, token, sizeof(expected)) == 0);
+}
+
+
 /****************************************************************************
   include a lump of html in a page 
 ****************************************************************************/
@@ -156,7 +210,9 @@ static int include_html(const char *fname)
        }
 
        while ((ret = read(fd, buf, sizeof(buf))) > 0) {
-               write(1, buf, ret);
+               if (write(1, buf, ret) == -1) {
+                       break;
+               }
        }
 
        close(fd);
@@ -232,7 +288,7 @@ static void show_parameter(int snum, struct parm_struct *parm)
        TALLOC_CTX *ctx = talloc_stackframe();
 
        if (parm->p_class == P_LOCAL && snum >= 0) {
-               ptr = lp_local_ptr(snum, ptr);
+               ptr = lp_local_ptr_by_snum(snum, ptr);
        }
 
        printf("<tr><td>%s</td><td>", get_parm_translated(ctx,
@@ -375,7 +431,7 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte
                                        void *ptr = parm->ptr;
 
                                if (parm->p_class == P_LOCAL && snum >= 0) {
-                                       ptr = lp_local_ptr(snum, ptr);
+                                       ptr = lp_local_ptr_by_snum(snum, ptr);
                                }
 
                                switch (parm->type) {
@@ -384,7 +440,8 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte
                                        break;
 
                                case P_LIST:
-                                       if (!str_list_compare(*(char ***)ptr, (char **)(parm->def.lvalue))) continue;
+                                       if (!str_list_equal(*(const char ***)ptr, 
+                                                           (const char **)(parm->def.lvalue))) continue;
                                        break;
 
                                case P_STRING:
@@ -430,7 +487,6 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte
 ****************************************************************************/
 static bool load_config(bool save_def)
 {
-       lp_resetnumservices();
        return lp_load(get_dyn_CONFIGFILE(),False,save_def,False,True);
 }
 
@@ -476,7 +532,7 @@ static int save_reload(int snum)
        }
 
        write_config(f, False);
-       if (snum)
+       if (snum >= 0)
                lp_dump_one(f, False, snum);
        fclose(f);
 
@@ -596,7 +652,7 @@ static void ViewModeBoxes(int mode)
 ****************************************************************************/
 static void welcome_page(void)
 {
-       if (file_exist("help/welcome.html", NULL)) {
+       if (file_exist("help/welcome.html")) {
                include_html("help/welcome.html");
        } else {
                include_html("help/welcome-no-samba-doc.html");
@@ -609,13 +665,20 @@ static void welcome_page(void)
 static void viewconfig_page(void)
 {
        int full_view=0;
+       const char form_name[] = "viewconfig";
+
+       if (!verify_xsrf_token(form_name)) {
+               goto output_page;
+       }
 
        if (cgi_variable("full_view")) {
                full_view = 1;
        }
 
+output_page:
        printf("<H2>%s</H2>\n", _("Current Config"));
        printf("<form method=post>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
 
        if (full_view) {
                printf("<input type=submit name=\"normal_view\" value=\"%s\">\n", _("Normal View"));
@@ -635,18 +698,25 @@ static void viewconfig_page(void)
 static void wizard_params_page(void)
 {
        unsigned int parm_filter = FLAG_WIZARD;
+       const char form_name[] = "wizard_params";
 
        /* Here we first set and commit all the parameters that were selected
           in the previous screen. */
 
        printf("<H2>%s</H2>\n", _("Wizard Parameter Edit Page"));
 
+       if (!verify_xsrf_token(form_name)) {
+               goto output_page;
+       }
+
        if (cgi_variable("Commit")) {
                commit_parameters(GLOBAL_SECTION_SNUM);
                save_reload(0);
        }
 
+output_page:
        printf("<form name=\"swatform\" method=post action=wizard_params>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
 
        if (have_write_access) {
                printf("<input type=submit name=\"Commit\" value=\"Commit Changes\">\n");
@@ -682,6 +752,11 @@ static void wizard_page(void)
        int have_home = -1;
        int HomeExpo = 0;
        int SerType = 0;
+       const char form_name[] = "wizard";
+
+       if (!verify_xsrf_token(form_name)) {
+               goto output_page;
+       }
 
        if (cgi_variable("Rewrite")) {
                (void) rewritecfg_file();
@@ -740,12 +815,12 @@ static void wizard_page(void)
 
                        load_config(False);
                        lp_copy_service(GLOBAL_SECTION_SNUM, unix_share);
-                       iNumNonAutoPrintServices = lp_numservices();
                        have_home = lp_servicenumber(HOMES_NAME);
                        lp_do_parameter( have_home, "read only", "No");
                        lp_do_parameter( have_home, "valid users", "%S");
                        lp_do_parameter( have_home, "browseable", "No");
                        commit_parameters(have_home);
+                       save_reload(have_home);
                }
 
                /* Need to Delete Homes share? */
@@ -772,10 +847,12 @@ static void wizard_page(void)
                winstype = 3;
 
        role = lp_server_role();
-       
+
+output_page:
        /* Here we go ... */
        printf("<H2>%s</H2>\n", _("Samba Configuration Wizard"));
        printf("<form method=post action=wizard>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
 
        if (have_write_access) {
                printf("%s\n", _("The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."));
@@ -844,9 +921,14 @@ static void globals_page(void)
 {
        unsigned int parm_filter = FLAG_BASIC;
        int mode = 0;
+       const char form_name[] = "globals";
 
        printf("<H2>%s</H2>\n", _("Global Parameters"));
 
+       if (!verify_xsrf_token(form_name)) {
+               goto output_page;
+       }
+
        if (cgi_variable("Commit")) {
                commit_parameters(GLOBAL_SECTION_SNUM);
                save_reload(0);
@@ -859,7 +941,9 @@ static void globals_page(void)
        if ( cgi_variable("AdvMode"))
                mode = 1;
 
+output_page:
        printf("<form name=\"swatform\" method=post action=globals>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
 
        ViewModeBoxes( mode );
        switch ( mode ) {
@@ -899,15 +983,22 @@ static void shares_page(void)
        int mode = 0;
        unsigned int parm_filter = FLAG_BASIC;
        size_t converted_size;
+       const char form_name[] = "shares";
+
+       printf("<H2>%s</H2>\n", _("Share Parameters"));
+
+       if (!verify_xsrf_token(form_name)) {
+               goto output_page;
+       }
 
        if (share)
                snum = lp_servicenumber(share);
 
-       printf("<H2>%s</H2>\n", _("Share Parameters"));
 
        if (cgi_variable("Commit") && snum >= 0) {
                commit_parameters(snum);
                save_reload(0);
+               snum = lp_servicenumber(share);
        }
 
        if (cgi_variable("Delete") && snum >= 0) {
@@ -918,17 +1009,16 @@ static void shares_page(void)
        }
 
        if (cgi_variable("createshare") && (share=cgi_variable("newshare"))) {
-               load_config(False);
-               lp_copy_service(GLOBAL_SECTION_SNUM, share);
-               iNumNonAutoPrintServices = lp_numservices();
-               save_reload(0);
                snum = lp_servicenumber(share);
+               if (snum < 0) {
+                       load_config(False);
+                       lp_copy_service(GLOBAL_SECTION_SNUM, share);
+                       snum = lp_servicenumber(share);
+                       save_reload(snum);
+                       snum = lp_servicenumber(share);
+               }
        }
 
-       printf("<FORM name=\"swatform\" method=post>\n");
-
-       printf("<table>\n");
-
        if ( cgi_variable("ViewMode") )
                mode = atoi(cgi_variable_nonull("ViewMode"));
        if ( cgi_variable("BasicMode"))
@@ -936,6 +1026,12 @@ static void shares_page(void)
        if ( cgi_variable("AdvMode"))
                mode = 1;
 
+output_page:
+       printf("<FORM name=\"swatform\" method=post>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
+
+       printf("<table>\n");
+
        ViewModeBoxes( mode );
        switch ( mode ) {
                case 0:
@@ -958,7 +1054,6 @@ static void shares_page(void)
                               (share && strcmp(share,s)==0)?"SELECTED":"",
                               utf8_s, utf8_s);
                        SAFE_FREE(utf8_s);
-                       
                }
        }
        printf("</select></td>\n");
@@ -1116,11 +1211,9 @@ static void chg_passwd(void)
        if(cgi_variable(CHG_S_PASSWD_FLAG)) {
                printf("<p>");
                if (rslt == True) {
-                       printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
-                       printf("\n");
+                       printf("%s\n", _(" The passwd has been changed."));
                } else {
-                       printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
-                       printf("\n");
+                       printf("%s\n", _(" The passwd for has NOT been changed."));
                }
        }
        
@@ -1133,20 +1226,15 @@ static void chg_passwd(void)
 static void passwd_page(void)
 {
        const char *new_name = cgi_user_name();
-
-       /* 
-        * After the first time through here be nice. If the user
-        * changed the User box text to another users name, remember it.
-        */
-       if (cgi_variable(SWAT_USER)) {
-               new_name = cgi_variable_nonull(SWAT_USER);
-       } 
+       const char passwd_form[] = "passwd";
+       const char rpasswd_form[] = "rpasswd";
 
        if (!new_name) new_name = "";
 
        printf("<H2>%s</H2>\n", _("Server Password Management"));
 
        printf("<FORM name=\"swatform\" method=post>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), passwd_form);
 
        printf("<table>\n");
 
@@ -1186,14 +1274,16 @@ static void passwd_page(void)
         * Do some work if change, add, disable or enable was
         * requested. It could be this is the first time through this
         * code, so there isn't anything to do.  */
-       if ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) ||
-           (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG))) {
+       if (verify_xsrf_token(passwd_form) &&
+          ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) ||
+           (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG)))) {
                chg_passwd();           
        }
 
        printf("<H2>%s</H2>\n", _("Client/Server Password Management"));
 
        printf("<FORM name=\"swatform\" method=post>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), rpasswd_form);
 
        printf("<table>\n");
 
@@ -1226,7 +1316,7 @@ static void passwd_page(void)
         * password somewhere other than the server. It could be this
         * is the first time through this code, so there isn't
         * anything to do.  */
-       if (cgi_variable(CHG_R_PASSWD_FLAG)) {
+       if (verify_xsrf_token(passwd_form) && cgi_variable(CHG_R_PASSWD_FLAG)) {
                chg_passwd();           
        }
 
@@ -1243,24 +1333,22 @@ static void printers_page(void)
        int i;
        int mode = 0;
        unsigned int parm_filter = FLAG_BASIC;
+       const char form_name[] = "printers";
+
+       if (!verify_xsrf_token(form_name)) {
+               goto output_page;
+       }
 
        if (share)
                snum = lp_servicenumber(share);
 
-        printf("<H2>%s</H2>\n", _("Printer Parameters"));
- 
-        printf("<H3>%s</H3>\n", _("Important Note:"));
-        printf(_("Printer names marked with [*] in the Choose Printer drop-down box "));
-        printf(_("are autoloaded printers from "));
-        printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));
-        printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect."));
-
        if (cgi_variable("Commit") && snum >= 0) {
                commit_parameters(snum);
                if (snum >= iNumNonAutoPrintServices)
                    save_reload(snum);
                else
                    save_reload(0);
+               snum = lp_servicenumber(share);
        }
 
        if (cgi_variable("Delete") && snum >= 0) {
@@ -1271,17 +1359,17 @@ static void printers_page(void)
        }
 
        if (cgi_variable("createshare") && (share=cgi_variable("newshare"))) {
-               load_config(False);
-               lp_copy_service(GLOBAL_SECTION_SNUM, share);
-               iNumNonAutoPrintServices = lp_numservices();
-               snum = lp_servicenumber(share);
-               lp_do_parameter(snum, "print ok", "Yes");
-               save_reload(0);
                snum = lp_servicenumber(share);
+               if (snum < 0 || snum >= iNumNonAutoPrintServices) {
+                       load_config(False);
+                       lp_copy_service(GLOBAL_SECTION_SNUM, share);
+                       snum = lp_servicenumber(share);
+                       lp_do_parameter(snum, "print ok", "Yes");
+                       save_reload(snum);
+                       snum = lp_servicenumber(share);
+               }
        }
 
-       printf("<FORM name=\"swatform\" method=post>\n");
-
        if ( cgi_variable("ViewMode") )
                mode = atoi(cgi_variable_nonull("ViewMode"));
         if ( cgi_variable("BasicMode"))
@@ -1289,6 +1377,19 @@ static void printers_page(void)
         if ( cgi_variable("AdvMode"))
                 mode = 1;
 
+output_page:
+        printf("<H2>%s</H2>\n", _("Printer Parameters"));
+
+        printf("<H3>%s</H3>\n", _("Important Note:"));
+        printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box "));
+        printf("%s",_("are autoloaded printers from "));
+        printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));
+        printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect."));
+
+
+       printf("<FORM name=\"swatform\" method=post>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
+
        ViewModeBoxes( mode );
        switch ( mode ) {
                case 0:
@@ -1434,7 +1535,7 @@ const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid)
 
        cgi_load_variables();
 
-       if (!file_exist(get_dyn_CONFIGFILE(), NULL)) {
+       if (!file_exist(get_dyn_CONFIGFILE())) {
                have_read_access = True;
                have_write_access = True;
        } else {