s3 swat: Create random nonce in CGI mode

[samba.git] / source3 / web / cgi.c

diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 4bd24b72f17dfaa5545a4551d73093b6a473653b..b861b2d780a2c380d4deb654321a257a863d989b 100644 (file)
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -23,6 +23,7 @@
 #include "web/swat_proto.h"
 #include "intl/lang_tdb.h"
 #include "auth.h"
+#include "secrets.h"
 
 #define MAX_VARIABLES 10000
 
@@ -325,7 +326,24 @@ static void cgi_web_auth(void)
                exit(0);
        }
 
-       setuid(0);
+       C_user = SMB_STRDUP(user);
+
+       if (!setuid(0)) {
+               C_pass = secrets_fetch_generic("root", "SWAT");
+               if (C_pass == NULL) {
+                       char *tmp_pass = NULL;
+                       tmp_pass = generate_random_password(talloc_tos(),
+                                                           16, 16);
+                       if (tmp_pass == NULL) {
+                               printf("%sFailed to create random nonce for "
+                                      "SWAT session\n<br>%s\n", head, tail);
+                               exit(0);
+                       }
+                       secrets_store_generic("root", "SWAT", tmp_pass);
+                       C_pass = SMB_STRDUP(tmp_pass);
+                       TALLOC_FREE(tmp_pass);
+               }
+       }
        setuid(pwd->pw_uid);
        if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
                printf("%sFailed to become user %s - uid=%d/%d<br>%s\n",