authorKai Blin <kai@samba.org>2011-07-12 08:08:24 +0200
committerJeremy Allison <jra@samba.org>2011-07-26 23:33:24 +0200
commitc79e08fb1bb36a36bb09e01fdf62094a850ec3ed (patch)
treeb15690cef0647c36b0f60c3d32fa986b84280c60 /source3
parent52d2ba7103ffc10a58c81b472d9d62fca446d09b (diff)
s3 swat: Create random nonce in CGI mode
In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin <kai@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Jul 26 23:33:24 CEST 2011 on sn-devel-104
Diffstat (limited to 'source3')
-rw-r--r--source3/web/cgi.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 4bd24b72f1..b861b2d780 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -23,6 +23,7 @@
#include "web/swat_proto.h"
#include "intl/lang_tdb.h"
#include "auth.h"
+#include "secrets.h"
#define MAX_VARIABLES 10000
@@ -325,7 +326,24 @@ static void cgi_web_auth(void)
exit(0);
}
- setuid(0);
+ C_user = SMB_STRDUP(user);
+
+ if (!setuid(0)) {
+ C_pass = secrets_fetch_generic("root", "SWAT");
+ if (C_pass == NULL) {
+ char *tmp_pass = NULL;
+ tmp_pass = generate_random_password(talloc_tos(),
+ 16, 16);
+ if (tmp_pass == NULL) {
+ printf("%sFailed to create random nonce for "
+ "SWAT session\n<br>%s\n", head, tail);
+ exit(0);
+ }
+ secrets_store_generic("root", "SWAT", tmp_pass);
+ C_pass = SMB_STRDUP(tmp_pass);
+ TALLOC_FREE(tmp_pass);
+ }
+ }
setuid(pwd->pw_uid);
if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
printf("%sFailed to become user %s - uid=%d/%d<br>%s\n",