From c379b3623a484c1522f5c16d9a32019155ad1a46 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Tue, 26 Jul 2011 12:46:30 -0700 Subject: s3 swat: Add support for anti-XSRF token --- source3/web/swat.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++ source3/web/swat_proto.h | 5 +++++ 2 files changed, 59 insertions(+) (limited to 'source3/web') diff --git a/source3/web/swat.c b/source3/web/swat.c index 5e66b1c985..353b7faf59 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -35,6 +35,7 @@ #include "printing/load.h" #include "passdb.h" #include "intl/lang_tdb.h" +#include "../lib/crypto/md5.h" #include "lib/param/loadparm.h" static int demo_mode = False; @@ -57,6 +58,7 @@ static int iNumNonAutoPrintServices = 0; #define DISABLE_USER_FLAG "disable_user_flag" #define ENABLE_USER_FLAG "enable_user_flag" #define RHOST "remote_host" +#define XSRF_TOKEN "xsrf" #define _(x) lang_msg_rotate(talloc_tos(),x) @@ -145,6 +147,58 @@ static char *make_parm_name(const char *label) return parmname; } +void get_xsrf_token(const char *username, const char *pass, + const char *formname, char token_str[33]) +{ + struct MD5Context md5_ctx; + uint8_t token[16]; + int i; + + token_str[0] = '\0'; + ZERO_STRUCT(md5_ctx); + MD5Init(&md5_ctx); + + MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname)); + if (username != NULL) { + MD5Update(&md5_ctx, (uint8_t *)username, strlen(username)); + } + if (pass != NULL) { + MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass)); + } + + MD5Final(token, &md5_ctx); + + for(i = 0; i < sizeof(token); i++) { + char tmp[3]; + + snprintf(tmp, sizeof(tmp), "%02x", token[i]); + strncat(token_str, tmp, sizeof(tmp)); + } +} + +void print_xsrf_token(const char *username, const char *pass, + const char *formname) +{ + char token[33]; + + get_xsrf_token(username, pass, formname, token); + printf("\n", + XSRF_TOKEN, token); + +} + +bool verify_xsrf_token(const char *formname) +{ + char expected[33]; + const char *username = cgi_user_name(); + const char *pass = cgi_user_pass(); + const char *token = cgi_variable_nonull(XSRF_TOKEN); + + get_xsrf_token(username, pass, formname, expected); + return (strncmp(expected, token, sizeof(expected)) == 0); +} + + /**************************************************************************** include a lump of html in a page ****************************************************************************/ diff --git a/source3/web/swat_proto.h b/source3/web/swat_proto.h index 76f9c3c68f..e66c9420db 100644 --- a/source3/web/swat_proto.h +++ b/source3/web/swat_proto.h @@ -67,5 +67,10 @@ void status_page(void); /* The following definitions come from web/swat.c */ const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid); +void get_xsrf_token(const char *username, const char *pass, + const char *formname, char token_str[33]); +void print_xsrf_token(const char *username, const char *pass, + const char *formname); +bool verify_xsrf_token(const char *formname); #endif /* _SWAT_PROTO_H_ */ -- cgit