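--- samba-3.5.20/source3/web/cgi.c
+++ samba-3.5.21/source3/web/cgi.c
@@ -45,6 +45,7 @@
 static char *pathinfo;
 static char *C_user;
 static char *C_pass;
+static char *C_nonce;
 static bool inetd_server;
 static bool got_request;
 
@@ -326,19 +327,7 @@
 	C_user = SMB_STRDUP(user);
 
 	if (!setuid(0)) {
-		C_pass = secrets_fetch_generic("root", "SWAT");
-		if (C_pass == NULL) {
-			char *tmp_pass = NULL;
-			tmp_pass = generate_random_str(talloc_tos(), 16);
-			if (tmp_pass == NULL) {
-				printf("%sFailed to create random nonce for "
-				       "SWAT session\n<br>%s\n", head, tail);
-				exit(0);
-			}
-			secrets_store_generic("root", "SWAT", tmp_pass);
-			C_pass = SMB_STRDUP(tmp_pass);
-			TALLOC_FREE(tmp_pass);
-		}
+		C_pass = SMB_STRDUP(cgi_nonce());
 	}
 	setuid(pwd->pw_uid);
 	if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
@@ -451,6 +440,30 @@
 }
 
 /***************************************************************************
+return a ptr to the nonce
+ ***************************************************************************/
+char *cgi_nonce(void)
+{
+	const char *head = "Content-Type: text/html\r\n\r\n<HTML><BODY><H1>SWAT installation Error</H1>\n";
+	const char *tail = "</BODY></HTML>\r\n";
+	C_nonce = secrets_fetch_generic("root", "SWAT");
+	if (C_nonce == NULL) {
+		char *tmp_pass = NULL;
+		tmp_pass = generate_random_str(talloc_tos(), 16);
+		if (tmp_pass == NULL) {
+			printf("%sFailed to create random nonce for "
+			       "SWAT session\n<br>%s\n", head, tail);
+			exit(0);
+		}
+		secrets_store_generic("root", "SWAT", tmp_pass);
+		C_nonce = SMB_STRDUP(tmp_pass);
+		TALLOC_FREE(tmp_pass);
+	}
+	return(C_nonce);
+}
+
+
+/***************************************************************************
 handle a file download
  ***************************************************************************/
 static void cgi_download(char *file)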
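Review bot: `cgi_nonce()` re-reads the secret and overwrites `C_nonce` on every call, so the string returned by the previous call (from `secrets_fetch_generic` or `SMB_STRDUP`) is leaked and the secrets store is hit again each time; since it is now called both from the `setuid(0)` block in the second hunk and from swat.c, a guard `if (C_nonce != NULL) { return C_nonce; }` at the top would turn it into a one-time lookup. The result of `secrets_store_generic("root", "SWAT", tmp_pass)` is also ignored: if the store fails, each process would mint its own nonce and any token derived from it would not verify on the next request, so a failed store should be treated like the generation failure just above it rather than silently continuing. The `exit(0)` on a fatal setup error reports success to the caller, but that is carried over from the removed code rather than introduced here. The `head`/`tail` literals duplicate the error-page strings that the removed code took from the caller's scope; a file-scope `static const char *` pair would avoid keeping two copies in sync.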
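--- samba-3.5.20/source3/web/swat.c
+++ samba-3.5.21/source3/web/swat.c
@@ -148,6 +148,7 @@
 	struct MD5Context md5_ctx;
 	uint8_t token[16];
 	int i;
+	char *nonce = cgi_nonce();
 
 	token_str[0] = '\0';
 	ZERO_STRUCT(md5_ctx);
@@ -161,6 +162,7 @@
 	if (pass != NULL) {
 		MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
 	}
+	MD5Update(&md5_ctx, (uint8_t *)nonce, strlen(nonce));
 
 	MD5Final(token, &md5_ctx);
 
@@ -260,7 +262,8 @@
 	if (!cgi_waspost()) {
 		printf("Expires: 0\r\n");
 	}
-	printf("Content-type: text/html\r\n\r\n");
+	printf("Content-type: text/html\r\n");
+	printf("X-Frame-Options: DENY\r\n\r\n");
 
 	if (!include_html("include/header.html")) {
 		printf("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">\n");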
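Review bot: In the second hunk `strlen(nonce)` is called without the NULL guard that `pass` gets two lines above it, yet `cgi_nonce()` returns the result of `SMB_STRDUP`, which can be NULL on allocation failure; the token function should fail closed there, e.g. `if (nonce == NULL) { return; }` before the `MD5Update` call (the function begins before this hunk, so how it reports failure is not visible here). Appending the nonce to a plain MD5 over `user` + `pass` also leaves the field boundaries ambiguous and is not a keyed MAC; an HMAC construction with the nonce as the key over the user and password fields, or at least a length prefix or separator per field, is the standard way to bind a secret into a token. The `X-Frame-Options: DENY` header in the third hunk is only emitted on this response path, so other pages SWAT writes directly (the installation-error page in cgi.c, for instance) would presumably still be frameable — worth confirming.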
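--- samba-3.5.20/source3/web/swat_proto.h
+++ samba-3.5.21/source3/web/swat_proto.h
@@ -32,6 +32,7 @@
 bool am_root(void);
 char *cgi_user_name(void);
 char *cgi_user_pass(void);
+char *cgi_nonce(void);
 void cgi_setup(const char *rootdir, int auth_required);
 const char *cgi_baseurl(void);
 const char *cgi_pathinfo(void);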
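Review bot: The new prototype says nothing about ownership or failure, while the implementation in cgi.c returns a pointer into file-scope storage that it may reallocate on the next call and may return NULL after an allocation failure. A comment on the declaration would spare callers a trip into cgi.c: `/* Return the SWAT session nonce; storage is owned by cgi.c (do not free), may be NULL on allocation failure. */`.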