s3 swat: Create random nonce in CGI mode

In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.

Signed-off-by: Kai Blin <kai@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jul 26 23:33:24 CEST 2011 on sn-devel-104

diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 4bd24b72f17dfaa5545a4551d73093b6a473653b..b861b2d780a2c380d4deb654321a257a863d989b 100644 (file)
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -23,6 +23,7 @@
 #include "web/swat_proto.h"
 #include "intl/lang_tdb.h"
 #include "auth.h"
+#include "secrets.h"
 
 #define MAX_VARIABLES 10000
 
@@ -325,7 +326,24 @@ static void cgi_web_auth(void)
                exit(0);
        }
 
-       setuid(0);
+       C_user = SMB_STRDUP(user);
+
+       if (!setuid(0)) {
+               C_pass = secrets_fetch_generic("root", "SWAT");
+               if (C_pass == NULL) {
+                       char *tmp_pass = NULL;
+                       tmp_pass = generate_random_password(talloc_tos(),
+                                                           16, 16);
+                       if (tmp_pass == NULL) {
+                               printf("%sFailed to create random nonce for "
+                                      "SWAT session\n<br>%s\n", head, tail);
+                               exit(0);
+                       }
+                       secrets_store_generic("root", "SWAT", tmp_pass);
+                       C_pass = SMB_STRDUP(tmp_pass);
+                       TALLOC_FREE(tmp_pass);
+               }
+       }
        setuid(pwd->pw_uid);
        if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
                printf("%sFailed to become user %s - uid=%d/%d<br>%s\n",