diff options
| author | Jeremy Allison <jra@samba.org> | 1998-11-12 03:06:00 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 1998-11-12 03:06:00 +0000 |
| commit | b0a2e2e77896aeeddbebcd748517dcf4a1230e50 (patch) | |
| tree | cb75da9b03ef8edec1a1d7719c5ecd4857c6aa39 /source3/web | |
| parent | 84c10df026ec43aa8c9d42406480331cd3e53da9 (diff) | |
| download | samba-b0a2e2e77896aeeddbebcd748517dcf4a1230e50.tar.gz samba-b0a2e2e77896aeeddbebcd748517dcf4a1230e50.tar.bz2 samba-b0a2e2e77896aeeddbebcd748517dcf4a1230e50.zip | |
Added the security changes suggested by Andrew - become the
user that authenticated to swat permanently (if not root).
Jeremy.
(This used to be commit 7d55bf379177a4a448e39577ae0af603d5e958f6)
Diffstat (limited to 'source3/web')
| -rw-r--r-- | source3/web/cgi.c | 70 | ||||
| -rw-r--r-- | source3/web/swat.c | 116 |
2 files changed, 107 insertions, 79 deletions
diff --git a/source3/web/cgi.c b/source3/web/cgi.c index 5415abf6b3..9b5cf2158c 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -293,29 +293,83 @@ static void base64_decode(char *s) /*************************************************************************** handle a http authentication line ***************************************************************************/ -static int cgi_handle_authorization(char *line) +static BOOL cgi_handle_authorization(char *line) { - char *p, *user, *pass; + char *p, *user, *user_pass; + struct passwd *pass = NULL; + int ret = False; if (strncasecmp(line,"Basic ", 6)) { cgi_setup_error("401 Bad Authorization", "", "Only basic authorization is understood"); + return False; } line += 6; while (line[0] == ' ') line++; base64_decode(line); if (!(p=strchr(line,':'))) { + /* + * Always give the same error so a cracker + * cannot tell why we fail. + */ cgi_setup_error("401 Bad Authorization", "", "username/password must be supplied"); + return False; } *p = 0; user = line; - pass = p+1; + user_pass = p+1; + + /* + * Try and get the user from the UNIX password file. + */ + + if(!(pass = Get_Pwnam(user,False))) { + /* + * Always give the same error so a cracker + * cannot tell why we fail. + */ + cgi_setup_error("401 Bad Authorization", "", + "username/password must be supplied"); + return False; + } + + /* + * Validate the password they have given. + */ + + if((ret = pass_check(user, user_pass, strlen(user_pass), NULL, NULL)) == True) { + + /* + * Password was ok. + */ + + if(pass->pw_uid != 0) { + /* + * We have not authenticated as root, + * become the user *permanently*. + */ + if(!become_user_permanently(pass->pw_uid, pass->pw_gid)) { + /* + * Always give the same error so a cracker + * cannot tell why we fail. + */ + cgi_setup_error("401 Bad Authorization", "", + "username/password must be supplied"); + return False; + } + + /* + * On exit from here we are the authenticated + * user - no way back. + */ + } - /* Save the users name */ - C_user = strdup(user); + /* Save the users name */ + C_user = strdup(user); + } - return pass_check(user, pass, strlen(pass), NULL, NULL); + return ret; } /*************************************************************************** @@ -323,7 +377,7 @@ is this root? ***************************************************************************/ BOOL am_root(void) { - if ((C_user) && (strcmp(C_user,"root") == 0)) { + if (geteuid() == 0) { return( True); } else { return( False); @@ -393,7 +447,7 @@ run as a true cgi program by a web browser or is itself a mini web server ***************************************************************************/ void cgi_setup(char *rootdir, int auth_required) { - int authenticated = 0; + BOOL authenticated = False; char line[1024]; char *url=NULL; char *p; diff --git a/source3/web/swat.c b/source3/web/swat.c index 1030689f18..1ab90a3a3d 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -771,74 +771,62 @@ static BOOL talk_to_smbpasswd(char *old, char *new) } /**************************************************************************** - become the specified uid + become the specified uid - permanently ! ****************************************************************************/ -static BOOL become_uid(uid_t uid) + +BOOL become_user_permanently(uid_t uid, gid_t gid) { -#ifdef HAVE_TRAPDOOR_UID -#ifdef HAVE_SETUIDX - /* AIX3 has setuidx which is NOT a trapoor function (tridge) */ - if (setuidx(ID_EFFECTIVE, uid) != 0) { - if (seteuid(uid) != 0) { - printf("<p> Can't set uid %d (setuidx)\n", (int)uid); - return False; - } - } -#endif -#endif -#ifdef HAVE_SETRESUID - if (setresuid(-1,uid,-1) != 0) -#else - if ((seteuid(uid) != 0) && (setuid(uid) != 0)) -#endif - { - printf("<p> Couldn't set uid %d currently set to (uid %d, euid %d)\n", - (int)uid,(int)getuid(), (int)geteuid()); - if (uid > (uid_t)32000) { - printf("<p> Looks like your OS doesn't like high uid values - try using a different account\n"); + if (geteuid() != 0) { + return(True); + } - } - return(False); - } + /* now completely lose our privilages. This is a fairly paranoid + way of doing it, but it does work on all systems that I know of */ - if (((uid == (uid_t)-1) || ((sizeof(uid_t) == 2) && (uid == 65535))) && - (geteuid() != uid)) { - printf("<p> Invalid uid -1. perhaps you have a account with uid 65535?\n"); - return(False); - } +#ifdef HAVE_SETRESUID + /* + * Firstly ensure all our uids are set to root. + */ + setresgid(0,0,0); + setresuid(0,0,0); - return(True); -} + /* + * Now ensure we change all our gids. + */ + setresgid(gid,gid,gid); -/**************************************************************************** - become the specified gid -****************************************************************************/ -static BOOL become_gid(gid_t gid) -{ -#ifdef HAVE_SETRESUID - if (setresgid(-1,gid,-1) != 0) + /* + * Now ensure all the uids are the user. + */ + setresuid(uid,uid,uid); #else - if (setgid(gid) != 0) + /* + * Firstly ensure all our uids are set to root. + */ + setuid(0); + seteuid(0); + + /* + * Now ensure we change all our gids. + */ + setgid(gid); + setegid(gid); + + /* + * Now ensure all the uids are the user. + */ + setuid(uid); + seteuid(uid); #endif - { - printf("<p> Couldn't set gid %d currently set to (gid %d, egid %d)\n", - (int)gid,(int)getgid(),(int)getegid()); - if (gid > 32000) { - printf("<p> Looks like your OS doesn't like high gid values - try using a different account\n"); - } - return(False); - } - return(True); -} + if (getuid() != uid || geteuid() != uid || + getgid() != gid || getegid() != gid) { + /* We failed to lose our privilages. */ + return False; + } -/**************************************************************************** - become the specified uid and gid -****************************************************************************/ -static BOOL become_id(uid_t uid,gid_t gid) -{ - return(become_gid(gid) && become_uid(uid)); + return(True); } /**************************************************************************** @@ -881,19 +869,6 @@ static void chg_passwd(void) } } - /* Get the UID/GID of the user, and become that user */ - if (am_root() == False) { - pass = Get_Pwnam(cgi_variable(user),True); - if (pass == NULL) { - printf("<p> User uid unknown \n"); - } else { - if (become_id(pass->pw_uid, pass->pw_gid) == False) { - printf("<p> uid/gid set failed \n"); - return; - } - } - } - #ifdef SWAT_DEBUG if (pass) printf("<p> User uid %d gid %d \n", pass->pw_uid, pass->pw_gid); printf("<p> Processes uid %d, euid %d, gid %d, egid %d \n",getuid(),geteuid(),getgid(),getegid()); @@ -1138,4 +1113,3 @@ static void printers_page(void) print_footer(); return 0; } - |