s3 swat: Add support for anti-XSRF token

Signed-off-by: Kai Blin <kai@samba.org>

diff --git a/source3/web/swat.c b/source3/web/swat.c
index ac5787bf1fcfb1cc35a3c423cbe50d6277040355..9dfbfe1be0887d7d01c4a91cc3db188d29b1c5da 100644 (file)
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -29,6 +29,7 @@
 
 #include "includes.h"
 #include "web/swat_proto.h"
+#include "../lib/crypto/md5.h"
 
 static int demo_mode = False;
 static int passwd_only = False;
@@ -50,6 +51,7 @@ static int iNumNonAutoPrintServices = 0;
 #define DISABLE_USER_FLAG "disable_user_flag"
 #define ENABLE_USER_FLAG "enable_user_flag"
 #define RHOST "remote_host"
+#define XSRF_TOKEN "xsrf"
 
 #define _(x) lang_msg_rotate(talloc_tos(),x)
 
@@ -138,6 +140,58 @@ static char *make_parm_name(const char *label)
        return parmname;
 }
 
+void get_xsrf_token(const char *username, const char *pass,
+                   const char *formname, char token_str[33])
+{
+       struct MD5Context md5_ctx;
+       uint8_t token[16];
+       int i;
+
+       token_str[0] = '\0';
+       ZERO_STRUCT(md5_ctx);
+       MD5Init(&md5_ctx);
+
+       MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
+       if (username != NULL) {
+               MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
+       }
+       if (pass != NULL) {
+               MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
+       }
+
+       MD5Final(token, &md5_ctx);
+
+       for(i = 0; i < sizeof(token); i++) {
+               char tmp[3];
+
+               snprintf(tmp, sizeof(tmp), "%02x", token[i]);
+               strncat(token_str, tmp, sizeof(tmp));
+       }
+}
+
+void print_xsrf_token(const char *username, const char *pass,
+                     const char *formname)
+{
+       char token[33];
+
+       get_xsrf_token(username, pass, formname, token);
+       printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
+              XSRF_TOKEN, token);
+
+}
+
+bool verify_xsrf_token(const char *formname)
+{
+       char expected[33];
+       const char *username = cgi_user_name();
+       const char *pass = cgi_user_pass();
+       const char *token = cgi_variable_nonull(XSRF_TOKEN);
+
+       get_xsrf_token(username, pass, formname, expected);
+       return (strncmp(expected, token, sizeof(expected)) == 0);
+}
+
+
 /****************************************************************************
   include a lump of html in a page 
 ****************************************************************************/

diff --git a/source3/web/swat_proto.h b/source3/web/swat_proto.h
index 76f9c3c68f1f381604b76c96dd993bb17a2cd957..e66c9420db54a2ebe558c044bfc80a4684d3b401 100644 (file)
--- a/source3/web/swat_proto.h
+++ b/source3/web/swat_proto.h
@@ -67,5 +67,10 @@ void status_page(void);
 /* The following definitions come from web/swat.c  */
 
 const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid);
+void get_xsrf_token(const char *username, const char *pass,
+                   const char *formname, char token_str[33]);
+void print_xsrf_token(const char *username, const char *pass,
+                     const char *formname);
+bool verify_xsrf_token(const char *formname);
 
 #endif /*  _SWAT_PROTO_H_  */