git.samba.org / samba.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
s3 swat: Add XSRF protection to password page
[samba.git] / source3 / web / swat.c
diff --git a/source3/web/swat.c b/source3/web/swat.c
index 2cf0eabeedd24b2d436d0191755eb1f839d5d848..c46cd8f592ded6bcc52bc9caac8a6b5cee5d6061 100644 (file)
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -29,6 +29,7 @@
 
 #include "includes.h"
 #include "web/swat_proto.h"
+#include "../lib/crypto/md5.h"
 
 static int demo_mode = False;
 static int passwd_only = False;
@@ -50,6 +51,7 @@ static int iNumNonAutoPrintServices = 0;
 #define DISABLE_USER_FLAG "disable_user_flag"
 #define ENABLE_USER_FLAG "enable_user_flag"
 #define RHOST "remote_host"
+#define XSRF_TOKEN "xsrf"
 
 #define _(x) lang_msg_rotate(talloc_tos(),x)
 
@@ -86,13 +88,14 @@ static const char *fix_quotes(TALLOC_CTX *ctx, const char *str)
 
        /* Count the number of quotes. */
        newstring_len = 1;
-       while (*str) {
-               if ( *str == '\"') {
+       p = (char *) str;
+       while (*p) {
+               if ( *p == '\"') {
                        newstring_len += quote_len;
                } else {
                        newstring_len++;
                }
-               ++str;
+               ++p;
        }
        newstring = TALLOC_ARRAY(ctx, char, newstring_len);
        if (!newstring) {
@@ -105,7 +108,6 @@ static const char *fix_quotes(TALLOC_CTX *ctx, const char *str)
                } else {
                        *p++ = *str;
                }
-               ++str;
        }
        *p = '\0';
        return newstring;
@@ -138,6 +140,58 @@ static char *make_parm_name(const char *label)
        return parmname;
 }
 
+void get_xsrf_token(const char *username, const char *pass,
+                   const char *formname, char token_str[33])
+{
+       struct MD5Context md5_ctx;
+       uint8_t token[16];
+       int i;
+
+       token_str[0] = '\0';
+       ZERO_STRUCT(md5_ctx);
+       MD5Init(&md5_ctx);
+
+       MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
+       if (username != NULL) {
+               MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
+       }
+       if (pass != NULL) {
+               MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
+       }
+
+       MD5Final(token, &md5_ctx);
+
+       for(i = 0; i < sizeof(token); i++) {
+               char tmp[3];
+
+               snprintf(tmp, sizeof(tmp), "%02x", token[i]);
+               strncat(token_str, tmp, sizeof(tmp));
+       }
+}
+
+void print_xsrf_token(const char *username, const char *pass,
+                     const char *formname)
+{
+       char token[33];
+
+       get_xsrf_token(username, pass, formname, token);
+       printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
+              XSRF_TOKEN, token);
+
+}
+
+bool verify_xsrf_token(const char *formname)
+{
+       char expected[33];
+       const char *username = cgi_user_name();
+       const char *pass = cgi_user_pass();
+       const char *token = cgi_variable_nonull(XSRF_TOKEN);
+
+       get_xsrf_token(username, pass, formname, expected);
+       return (strncmp(expected, token, sizeof(expected)) == 0);
+}
+
+
 /****************************************************************************
   include a lump of html in a page 
 ****************************************************************************/
@@ -156,7 +210,9 @@ static int include_html(const char *fname)
        }
 
        while ((ret = read(fd, buf, sizeof(buf))) > 0) {
-               write(1, buf, ret);
+               if (write(1, buf, ret) == -1) {
+                       break;
+               }
        }
 
        close(fd);
@@ -228,10 +284,11 @@ static void show_parameter(int snum, struct parm_struct *parm)
        int i;
        void *ptr = parm->ptr;
        char *utf8_s1, *utf8_s2;
+       size_t converted_size;
        TALLOC_CTX *ctx = talloc_stackframe();
 
        if (parm->p_class == P_LOCAL && snum >= 0) {
-               ptr = lp_local_ptr(snum, ptr);
+               ptr = lp_local_ptr_by_snum(snum, ptr);
        }
 
        printf("<tr><td>%s</td><td>", get_parm_translated(ctx,
@@ -252,12 +309,12 @@ static void show_parameter(int snum, struct parm_struct *parm)
                        for (;*list;list++) {
                                /* enclose in HTML encoded quotes if the string contains a space */
                                if ( strchr_m(*list, ' ') ) {
-                                       push_utf8_allocate(&utf8_s1, *list);
-                                       push_utf8_allocate(&utf8_s2, ((*(list+1))?", ":""));
+                                       push_utf8_allocate(&utf8_s1, *list, &converted_size);
+                                       push_utf8_allocate(&utf8_s2, ((*(list+1))?", ":""), &converted_size);
                                        printf("&quot;%s&quot;%s", utf8_s1, utf8_s2);
                                } else {
-                                       push_utf8_allocate(&utf8_s1, *list);
-                                       push_utf8_allocate(&utf8_s2, ((*(list+1))?", ":""));
+                                       push_utf8_allocate(&utf8_s1, *list, &converted_size);
+                                       push_utf8_allocate(&utf8_s2, ((*(list+1))?", ":""), &converted_size);
                                        printf("%s%s", utf8_s1, utf8_s2);
                                }
                                SAFE_FREE(utf8_s1);
@@ -282,7 +339,7 @@ static void show_parameter(int snum, struct parm_struct *parm)
 
        case P_STRING:
        case P_USTRING:
-               push_utf8_allocate(&utf8_s1, *(char **)ptr);
+               push_utf8_allocate(&utf8_s1, *(char **)ptr, &converted_size);
                printf("<input type=text size=40 name=\"parm_%s\" value=\"%s\">",
                       make_parm_name(parm->label), fix_quotes(ctx, utf8_s1));
                SAFE_FREE(utf8_s1);
@@ -374,7 +431,7 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte
                                        void *ptr = parm->ptr;
 
                                if (parm->p_class == P_LOCAL && snum >= 0) {
-                                       ptr = lp_local_ptr(snum, ptr);
+                                       ptr = lp_local_ptr_by_snum(snum, ptr);
                                }
 
                                switch (parm->type) {
@@ -383,7 +440,8 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte
                                        break;
 
                                case P_LIST:
-                                       if (!str_list_compare(*(char ***)ptr, (char **)(parm->def.lvalue))) continue;
+                                       if (!str_list_equal(*(const char ***)ptr, 
+                                                           (const char **)(parm->def.lvalue))) continue;
                                        break;
 
                                case P_STRING:
@@ -429,7 +487,6 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte
 ****************************************************************************/
 static bool load_config(bool save_def)
 {
-       lp_resetnumservices();
        return lp_load(get_dyn_CONFIGFILE(),False,save_def,False,True);
 }
 
@@ -438,11 +495,15 @@ static bool load_config(bool save_def)
 ****************************************************************************/
 static void write_config(FILE *f, bool show_defaults)
 {
+       TALLOC_CTX *ctx = talloc_stackframe();
+
        fprintf(f, "# Samba config file created using SWAT\n");
        fprintf(f, "# from %s (%s)\n", cgi_remote_host(), cgi_remote_addr());
-       fprintf(f, "# Date: %s\n\n", current_timestring(False));
+       fprintf(f, "# Date: %s\n\n", current_timestring(ctx, False));
        
        lp_dump(f, show_defaults, iNumNonAutoPrintServices);
+
+       TALLOC_FREE(ctx);
 }
 
 /****************************************************************************
@@ -471,11 +532,11 @@ static int save_reload(int snum)
        }
 
        write_config(f, False);
-       if (snum)
+       if (snum >= 0)
                lp_dump_one(f, False, snum);
        fclose(f);
 
-       lp_killunused(NULL);
+       lp_kill_all_services();
 
        if (!load_config(False)) {
                 printf(_("Can't reload %s"), get_dyn_CONFIGFILE());
@@ -483,7 +544,7 @@ static int save_reload(int snum)
                 return 0;
         }
        iNumNonAutoPrintServices = lp_numservices();
-       load_printers();
+       pcap_cache_reload(&load_printers);
 
        return 1;
 }
@@ -591,7 +652,7 @@ static void ViewModeBoxes(int mode)
 ****************************************************************************/
 static void welcome_page(void)
 {
-       if (file_exist("help/welcome.html", NULL)) {
+       if (file_exist("help/welcome.html")) {
                include_html("help/welcome.html");
        } else {
                include_html("help/welcome-no-samba-doc.html");
@@ -604,13 +665,20 @@ static void welcome_page(void)
 static void viewconfig_page(void)
 {
        int full_view=0;
+       const char form_name[] = "viewconfig";
+
+       if (!verify_xsrf_token(form_name)) {
+               goto output_page;
+       }
 
        if (cgi_variable("full_view")) {
                full_view = 1;
        }
 
+output_page:
        printf("<H2>%s</H2>\n", _("Current Config"));
        printf("<form method=post>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
 
        if (full_view) {
                printf("<input type=submit name=\"normal_view\" value=\"%s\">\n", _("Normal View"));
@@ -630,18 +698,25 @@ static void viewconfig_page(void)
 static void wizard_params_page(void)
 {
        unsigned int parm_filter = FLAG_WIZARD;
+       const char form_name[] = "wizard_params";
 
        /* Here we first set and commit all the parameters that were selected
           in the previous screen. */
 
        printf("<H2>%s</H2>\n", _("Wizard Parameter Edit Page"));
 
+       if (!verify_xsrf_token(form_name)) {
+               goto output_page;
+       }
+
        if (cgi_variable("Commit")) {
                commit_parameters(GLOBAL_SECTION_SNUM);
                save_reload(0);
        }
 
+output_page:
        printf("<form name=\"swatform\" method=post action=wizard_params>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
 
        if (have_write_access) {
                printf("<input type=submit name=\"Commit\" value=\"Commit Changes\">\n");
@@ -677,6 +752,11 @@ static void wizard_page(void)
        int have_home = -1;
        int HomeExpo = 0;
        int SerType = 0;
+       const char form_name[] = "wizard";
+
+       if (!verify_xsrf_token(form_name)) {
+               goto output_page;
+       }
 
        if (cgi_variable("Rewrite")) {
                (void) rewritecfg_file();
@@ -735,12 +815,12 @@ static void wizard_page(void)
 
                        load_config(False);
                        lp_copy_service(GLOBAL_SECTION_SNUM, unix_share);
-                       iNumNonAutoPrintServices = lp_numservices();
                        have_home = lp_servicenumber(HOMES_NAME);
                        lp_do_parameter( have_home, "read only", "No");
                        lp_do_parameter( have_home, "valid users", "%S");
                        lp_do_parameter( have_home, "browseable", "No");
                        commit_parameters(have_home);
+                       save_reload(have_home);
                }
 
                /* Need to Delete Homes share? */
@@ -767,10 +847,12 @@ static void wizard_page(void)
                winstype = 3;
 
        role = lp_server_role();
-       
+
+output_page:
        /* Here we go ... */
        printf("<H2>%s</H2>\n", _("Samba Configuration Wizard"));
        printf("<form method=post action=wizard>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
 
        if (have_write_access) {
                printf("%s\n", _("The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."));
@@ -839,9 +921,14 @@ static void globals_page(void)
 {
        unsigned int parm_filter = FLAG_BASIC;
        int mode = 0;
+       const char form_name[] = "globals";
 
        printf("<H2>%s</H2>\n", _("Global Parameters"));
 
+       if (!verify_xsrf_token(form_name)) {
+               goto output_page;
+       }
+
        if (cgi_variable("Commit")) {
                commit_parameters(GLOBAL_SECTION_SNUM);
                save_reload(0);
@@ -854,7 +941,9 @@ static void globals_page(void)
        if ( cgi_variable("AdvMode"))
                mode = 1;
 
+output_page:
        printf("<form name=\"swatform\" method=post action=globals>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
 
        ViewModeBoxes( mode );
        switch ( mode ) {
@@ -893,15 +982,23 @@ static void shares_page(void)
        int i;
        int mode = 0;
        unsigned int parm_filter = FLAG_BASIC;
+       size_t converted_size;
+       const char form_name[] = "shares";
+
+       printf("<H2>%s</H2>\n", _("Share Parameters"));
+
+       if (!verify_xsrf_token(form_name)) {
+               goto output_page;
+       }
 
        if (share)
                snum = lp_servicenumber(share);
 
-       printf("<H2>%s</H2>\n", _("Share Parameters"));
 
        if (cgi_variable("Commit") && snum >= 0) {
                commit_parameters(snum);
                save_reload(0);
+               snum = lp_servicenumber(share);
        }
 
        if (cgi_variable("Delete") && snum >= 0) {
@@ -912,17 +1009,16 @@ static void shares_page(void)
        }
 
        if (cgi_variable("createshare") && (share=cgi_variable("newshare"))) {
-               load_config(False);
-               lp_copy_service(GLOBAL_SECTION_SNUM, share);
-               iNumNonAutoPrintServices = lp_numservices();
-               save_reload(0);
                snum = lp_servicenumber(share);
+               if (snum < 0) {
+                       load_config(False);
+                       lp_copy_service(GLOBAL_SECTION_SNUM, share);
+                       snum = lp_servicenumber(share);
+                       save_reload(snum);
+                       snum = lp_servicenumber(share);
+               }
        }
 
-       printf("<FORM name=\"swatform\" method=post>\n");
-
-       printf("<table>\n");
-
        if ( cgi_variable("ViewMode") )
                mode = atoi(cgi_variable_nonull("ViewMode"));
        if ( cgi_variable("BasicMode"))
@@ -930,6 +1026,12 @@ static void shares_page(void)
        if ( cgi_variable("AdvMode"))
                mode = 1;
 
+output_page:
+       printf("<FORM name=\"swatform\" method=post>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
+
+       printf("<table>\n");
+
        ViewModeBoxes( mode );
        switch ( mode ) {
                case 0:
@@ -947,12 +1049,11 @@ static void shares_page(void)
        for (i=0;i<lp_numservices();i++) {
                s = lp_servicename(i);
                if (s && (*s) && strcmp(s,"IPC$") && !lp_print_ok(i)) {
-                       push_utf8_allocate(&utf8_s, s);
+                       push_utf8_allocate(&utf8_s, s, &converted_size);
                        printf("<option %s value=\"%s\">%s\n", 
                               (share && strcmp(share,s)==0)?"SELECTED":"",
                               utf8_s, utf8_s);
                        SAFE_FREE(utf8_s);
-                       
                }
        }
        printf("</select></td>\n");
@@ -1110,11 +1211,9 @@ static void chg_passwd(void)
        if(cgi_variable(CHG_S_PASSWD_FLAG)) {
                printf("<p>");
                if (rslt == True) {
-                       printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
-                       printf("\n");
+                       printf("%s\n", _(" The passwd has been changed."));
                } else {
-                       printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
-                       printf("\n");
+                       printf("%s\n", _(" The passwd for has NOT been changed."));
                }
        }
        
@@ -1127,20 +1226,15 @@ static void chg_passwd(void)
 static void passwd_page(void)
 {
        const char *new_name = cgi_user_name();
-
-       /* 
-        * After the first time through here be nice. If the user
-        * changed the User box text to another users name, remember it.
-        */
-       if (cgi_variable(SWAT_USER)) {
-               new_name = cgi_variable_nonull(SWAT_USER);
-       } 
+       const char passwd_form[] = "passwd";
+       const char rpasswd_form[] = "rpasswd";
 
        if (!new_name) new_name = "";
 
        printf("<H2>%s</H2>\n", _("Server Password Management"));
 
        printf("<FORM name=\"swatform\" method=post>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), passwd_form);
 
        printf("<table>\n");
 
@@ -1180,14 +1274,16 @@ static void passwd_page(void)
         * Do some work if change, add, disable or enable was
         * requested. It could be this is the first time through this
         * code, so there isn't anything to do.  */
-       if ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) ||
-           (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG))) {
+       if (verify_xsrf_token(passwd_form) &&
+          ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) ||
+           (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG)))) {
                chg_passwd();           
        }
 
        printf("<H2>%s</H2>\n", _("Client/Server Password Management"));
 
        printf("<FORM name=\"swatform\" method=post>\n");
+       print_xsrf_token(cgi_user_name(), cgi_user_pass(), rpasswd_form);
 
        printf("<table>\n");
 
@@ -1220,7 +1316,7 @@ static void passwd_page(void)
         * password somewhere other than the server. It could be this
         * is the first time through this code, so there isn't
         * anything to do.  */
-       if (cgi_variable(CHG_R_PASSWD_FLAG)) {
+       if (verify_xsrf_token(passwd_form) && cgi_variable(CHG_R_PASSWD_FLAG)) {
                chg_passwd();           
        }
 
@@ -1244,8 +1340,8 @@ static void printers_page(void)
         printf("<H2>%s</H2>\n", _("Printer Parameters"));
  
         printf("<H3>%s</H3>\n", _("Important Note:"));
-        printf(_("Printer names marked with [*] in the Choose Printer drop-down box "));
-        printf(_("are autoloaded printers from "));
+        printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box "));
+        printf("%s",_("are autoloaded printers from "));
         printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name"));
         printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect."));
 
@@ -1255,6 +1351,7 @@ static void printers_page(void)
                    save_reload(snum);
                else
                    save_reload(0);
+               snum = lp_servicenumber(share);
        }
 
        if (cgi_variable("Delete") && snum >= 0) {
@@ -1265,13 +1362,15 @@ static void printers_page(void)
        }
 
        if (cgi_variable("createshare") && (share=cgi_variable("newshare"))) {
-               load_config(False);
-               lp_copy_service(GLOBAL_SECTION_SNUM, share);
-               iNumNonAutoPrintServices = lp_numservices();
-               snum = lp_servicenumber(share);
-               lp_do_parameter(snum, "print ok", "Yes");
-               save_reload(0);
                snum = lp_servicenumber(share);
+               if (snum < 0 || snum >= iNumNonAutoPrintServices) {
+                       load_config(False);
+                       lp_copy_service(GLOBAL_SECTION_SNUM, share);
+                       snum = lp_servicenumber(share);
+                       lp_do_parameter(snum, "print ok", "Yes");
+                       save_reload(snum);
+                       snum = lp_servicenumber(share);
+               }
        }
 
        printf("<FORM name=\"swatform\" method=post>\n");
@@ -1420,7 +1519,7 @@ const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid)
        load_config(True);
        load_interfaces();
        iNumNonAutoPrintServices = lp_numservices();
-       load_printers();
+       pcap_cache_reload(&load_printers);
 
        cgi_setup(get_dyn_SWATDIR(), !demo_mode);
 
@@ -1428,7 +1527,7 @@ const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid)
 
        cgi_load_variables();
 
-       if (!file_exist(get_dyn_CONFIGFILE(), NULL)) {
+       if (!file_exist(get_dyn_CONFIGFILE())) {
                have_read_access = True;
                have_write_access = True;
        } else {
Samba Shared Repository