-rw-r--r--source3/web/swat.c28
-rw-r--r--source3/web/swat_proto.h2
2 files changed, 25 insertions, 5 deletions
diff --git a/source3/web/swat.c b/source3/web/swat.c
index c7bee3f70b..f95546678e 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -59,6 +59,8 @@ static int iNumNonAutoPrintServices = 0;
#define ENABLE_USER_FLAG "enable_user_flag"
#define RHOST "remote_host"
#define XSRF_TOKEN "xsrf"
+#define XSRF_TIME "xsrf_time"
+#define XSRF_TIMEOUT 300
#define _(x) lang_msg_rotate(talloc_tos(),x)
@@ -148,7 +150,7 @@ static char *make_parm_name(const char *label)
}
void get_xsrf_token(const char *username, const char *pass,
- const char *formname, char token_str[33])
+ const char *formname, time_t xsrf_time, char token_str[33])
{
struct MD5Context md5_ctx;
uint8_t token[16];
@@ -159,6 +161,7 @@ void get_xsrf_token(const char *username, const char *pass,
MD5Init(&md5_ctx);
MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
+ MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(time_t));
if (username != NULL) {
MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
}
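Review bot: The added `MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(time_t));` hashes the in-memory byte representation of the timestamp, so the token depends on the width and endianness of time_t on the host that generated it. That is consistent as long as the same binary issues and verifies the token, but the value already round-trips through the form as a decimal string, and hashing that string (or a fixed-width big-endian encoding) would make the token independent of the ABI. At minimum the length should be tied to the object rather than the type: `MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(xsrf_time));`. The rest of get_xsrf_token lies outside this hunk.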
@@ -180,11 +183,13 @@ void print_xsrf_token(const char *username, const char *pass,
const char *formname)
{
char token[33];
+ time_t xsrf_time = time(NULL);
- get_xsrf_token(username, pass, formname, token);
+ get_xsrf_token(username, pass, formname, xsrf_time, token);
printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
XSRF_TOKEN, token);
-
+ printf("<input type=\"hidden\" name=\"%s\" value=\"%lld\">\n",
+ XSRF_TIME, (long long int)xsrf_time);
}
bool verify_xsrf_token(const char *formname)
@@ -193,8 +198,23 @@ bool verify_xsrf_token(const char *formname)
const char *username = cgi_user_name();
const char *pass = cgi_user_pass();
const char *token = cgi_variable_nonull(XSRF_TOKEN);
+ const char *time_str = cgi_variable_nonull(XSRF_TIME);
+ time_t xsrf_time = 0;
+ time_t now = time(NULL);
+
+ if (sizeof(time_t) == sizeof(int)) {
+ xsrf_time = atoi(time_str);
+ } else if (sizeof(time_t) == sizeof(long)) {
+ xsrf_time = atol(time_str);
+ } else if (sizeof(time_t) == sizeof(long long)) {
+ xsrf_time = atoll(time_str);
+ }
+
+ if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
+ return false;
+ }
- get_xsrf_token(username, pass, formname, expected);
+ get_xsrf_token(username, pass, formname, xsrf_time, expected);
return (strncmp(expected, token, sizeof(expected)) == 0);
}
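Review bot: `abs(now - xsrf_time)` in the new timeout check takes an int, so the time_t difference is narrowed before the comparison; on a 64-bit time_t a submitted timestamp that differs from now by a multiple of 2^32 (plus up to 300 s) would pass the XSRF_TIMEOUT check, and the narrowing of an out-of-range value is implementation-defined. The atoi/atol/atoll chain above it never reports a malformed or out-of-range `time_str` (overflow in those functions is undefined behaviour), and a non-matching sizeof(time_t) silently leaves xsrf_time at 0. Parsing with strtoll and checking endptr/ERANGE, then comparing the difference in long long, makes both cases fail closed; `<errno.h>` must be reachable for this, which I assume it is through the file's existing includes. The timestamp only feeds the MAC and the window check here, so a bad value still cannot forge a token without `pass`, but the check should reject it explicitly rather than by accident. The signature of verify_xsrf_token is outside this hunk.
```c
	const char *time_str = cgi_variable_nonull(XSRF_TIME);
	time_t xsrf_time = 0;
	time_t now = time(NULL);
	char *end = NULL;
	long long parsed = 0;

	/* Reject anything that is not a complete, in-range decimal number. */
	errno = 0;
	parsed = strtoll(time_str, &end, 10);
	if (end == time_str || *end != '\0' || errno == ERANGE) {
		return false;
	}
	xsrf_time = (time_t)parsed;

	/* Compare in long long: abs() takes an int and would truncate a time_t difference. */
	if (llabs((long long)now - (long long)xsrf_time) > XSRF_TIMEOUT) {
		return false;
	}
	/* … unchanged: get_xsrf_token() and the strncmp of expected vs token … */
```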
diff --git a/source3/web/swat_proto.h b/source3/web/swat_proto.h
index e66c9420db..424a3af545 100644
--- a/source3/web/swat_proto.h
+++ b/source3/web/swat_proto.h
@@ -68,7 +68,7 @@ void status_page(void);
const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid);
void get_xsrf_token(const char *username, const char *pass,
- const char *formname, char token_str[33]);
+ const char *formname, time_t xsrf_time, char token_str[33]);
void print_xsrf_token(const char *username, const char *pass,
const char *formname);
bool verify_xsrf_token(const char *formname);