Diffstat (limited to 'source3/web')
-rw-r--r-- | source3/web/swat.c | 28 | ||||
-rw-r--r-- | source3/web/swat_proto.h | 2 |
2 files changed, 25 insertions, 5 deletions
diff --git a/source3/web/swat.c b/source3/web/swat.c
index c7bee3f70b..f95546678e 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -59,6 +59,8 @@ static int iNumNonAutoPrintServices = 0;
 #define ENABLE_USER_FLAG "enable_user_flag"
 #define RHOST "remote_host"
 #define XSRF_TOKEN "xsrf"
+#define XSRF_TIME "xsrf_time"
+#define XSRF_TIMEOUT 300
 #define _(x) lang_msg_rotate(talloc_tos(),x)
@@ -148,7 +150,7 @@ static char *make_parm_name(const char *label)
 }
 void get_xsrf_token(const char *username, const char *pass,
-		    const char *formname, char token_str[33])
+		    const char *formname, time_t xsrf_time, char token_str[33])
 {
 	struct MD5Context md5_ctx;
 	uint8_t token[16];
@@ -159,6 +161,7 @@ void get_xsrf_token(const char *username, const char *pass,
 	MD5Init(&md5_ctx);
 	MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
+	MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(time_t));
 	if (username != NULL) {
 		MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
 	}
@@ -180,11 +183,13 @@ void print_xsrf_token(const char *username, const char *pass,
 		      const char *formname)
 {
 	char token[33];
+	time_t xsrf_time = time(NULL);
-	get_xsrf_token(username, pass, formname, token);
+	get_xsrf_token(username, pass, formname, xsrf_time, token);
 	printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
 	       XSRF_TOKEN, token);
-
+	printf("<input type=\"hidden\" name=\"%s\" value=\"%lld\">\n",
+	       XSRF_TIME, (long long int)xsrf_time);
 }
 bool verify_xsrf_token(const char *formname)
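Review bot: `get_xsrf_token()` now mixes `xsrf_time` into the MD5 input, but neither the definition nor the `swat_proto.h` prototype documents what the new parameter is or that the value hashed on issue must be reproduced exactly on verification; a header comment such as `/* xsrf_time: issue time of the token, also sent to the client as XSRF_TIME; verify_xsrf_token() must pass back the identical value or the token will not match. Token validity is bounded by XSRF_TIMEOUT seconds. */` would make the contract explicit. The hash covers the native bytes of the `time_t` (`sizeof(time_t)`, host endianness), so tokens are only meaningful to the same build that issued them; that is acceptable for a single-host CGI but worth stating in the same comment. The `time_t` in the prototype presumably needs `<time.h>` to be visible where `swat_proto.h` is included; I cannot confirm from this page that it already is. The body of `get_xsrf_token()` continues outside the hunk.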
@@ -193,8 +198,23 @@ bool verify_xsrf_token(const char *formname)
 	const char *username = cgi_user_name();
 	const char *pass = cgi_user_pass();
 	const char *token = cgi_variable_nonull(XSRF_TOKEN);
+	const char *time_str = cgi_variable_nonull(XSRF_TIME);
+	time_t xsrf_time = 0;
+	time_t now = time(NULL);
+
+	if (sizeof(time_t) == sizeof(int)) {
+		xsrf_time = atoi(time_str);
+	} else if (sizeof(time_t) == sizeof(long)) {
+		xsrf_time = atol(time_str);
+	} else if (sizeof(time_t) == sizeof(long long)) {
+		xsrf_time = atoll(time_str);
+	}
+
+	if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
+		return false;
+	}
-	get_xsrf_token(username, pass, formname, expected);
+	get_xsrf_token(username, pass, formname, xsrf_time, expected);
 	return (strncmp(expected, token, sizeof(expected)) == 0);
 }
diff --git a/source3/web/swat_proto.h b/source3/web/swat_proto.h
index e66c9420db..424a3af545 100644
--- a/source3/web/swat_proto.h
+++ b/source3/web/swat_proto.h
@@ -68,7 +68,7 @@ void status_page(void);
 const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid);
 void get_xsrf_token(const char *username, const char *pass,
-		    const char *formname, char token_str[33]);
+		    const char *formname, time_t xsrf_time, char token_str[33]);
 void print_xsrf_token(const char *username, const char *pass,
 		      const char *formname);
 bool verify_xsrf_token(const char *formname);
|
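Review bot: `abs(now - xsrf_time)` takes an `int`, so on platforms where `time_t` is wider the difference is silently narrowed before the comparison and a value far outside the window can wrap back into it, and `atoi`/`atol`/`atoll` on the attacker-controlled `XSRF_TIME` field accept trailing garbage and have undefined behaviour on out-of-range input. The `sizeof()` chain also leaves `xsrf_time` at 0 on any platform where `time_t` matches none of the three types, which fails closed but only by accident. Parsing with `strtoll()` (checking `endptr` and `errno`) and doing the window check in `long long` without `abs()` fixes all three and removes the platform-dependent dispatch; it needs `<errno.h>`, which I cannot see from here whether swat.c already includes. The rest of `verify_xsrf_token()` (the `expected` buffer declaration) is outside the hunk.
```c
	const char *time_str = cgi_variable_nonull(XSRF_TIME);
	time_t xsrf_time = 0;
	time_t now = time(NULL);
	char *end = NULL;
	long long parsed;

	/* Reject anything that is not a complete, in-range, non-negative decimal. */
	errno = 0;
	parsed = strtoll(time_str, &end, 10);
	if (end == time_str || *end != '\0' || errno == ERANGE || parsed < 0) {
		return false;
	}
	/* Compare in long long so the window check is never narrowed to int. */
	if ((long long)now - parsed > XSRF_TIMEOUT ||
	    parsed - (long long)now > XSRF_TIMEOUT) {
		return false;
	}
	xsrf_time = (time_t)parsed;
	/* … unchanged: get_xsrf_token() call and strncmp() of expected vs token … */
```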