#include "intl/lang_tdb.h"
#include "../lib/crypto/md5.h"
#include "lib/param/loadparm.h"
+#include "messages.h"
static int demo_mode = False;
static int passwd_only = False;
#define ENABLE_USER_FLAG "enable_user_flag"
#define RHOST "remote_host"
#define XSRF_TOKEN "xsrf"
+#define XSRF_TIME "xsrf_time"
+#define XSRF_TIMEOUT 300
#define _(x) lang_msg_rotate(talloc_tos(),x)
}
void get_xsrf_token(const char *username, const char *pass,
- const char *formname, char token_str[33])
+ const char *formname, time_t xsrf_time, char token_str[33])
{
struct MD5Context md5_ctx;
uint8_t token[16];
MD5Init(&md5_ctx);
MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
+ MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(time_t));
if (username != NULL) {
MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
}
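Review bot: The new `xsrf_time` argument is hashed as raw `time_t` bytes at the added `MD5Update` call with no comment saying so, which makes the token depend on the host's `time_t` width and byte order. That is harmless while the same binary issues and verifies the token, but it is worth stating; I would add `/* bind token to issue time; raw time_t bytes, so issuer and verifier must share an ABI */` above the call. The `33` in the signature is a bare literal that recurs in the caller's `char token[33]`, so a named constant would make later size arguments easier to get right. The function body continues outside this hunk.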
char tmp[3];
snprintf(tmp, sizeof(tmp), "%02x", token[i]);
- strncat(token_str, tmp, sizeof(tmp));
+ strlcat(token_str, tmp, sizeof(tmp));
}
}
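Review bot: The third argument of `strlcat` on the added line is the full size of the destination buffer, not of the source, so `sizeof(tmp)` (3) caps `token_str` at two characters and every append after the first is silently dropped. If that reading is right, the token shrinks to a single byte of the MD5 digest, which is far too little entropy for an anti-XSRF value. The size should be the destination's, `strlcat(token_str, tmp, 33);` (not `sizeof(token_str)`, which is a pointer size for an array parameter). The loop header and the initialisation of `token_str` are outside the hunk, so confirm the buffer is NUL-terminated before the first append.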
const char *formname)
{
char token[33];
+ time_t xsrf_time = time(NULL);
- get_xsrf_token(username, pass, formname, token);
+ get_xsrf_token(username, pass, formname, xsrf_time, token);
printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
XSRF_TOKEN, token);
-
+ printf("<input type=\"hidden\" name=\"%s\" value=\"%lld\">\n",
+ XSRF_TIME, (long long int)xsrf_time);
}
bool verify_xsrf_token(const char *formname)
const char *username = cgi_user_name();
const char *pass = cgi_user_pass();
const char *token = cgi_variable_nonull(XSRF_TOKEN);
+ const char *time_str = cgi_variable_nonull(XSRF_TIME);
+ char *p = NULL;
+ long long xsrf_time_ll = 0;
+ time_t xsrf_time = 0;
+ time_t now = time(NULL);
+
+ errno = 0;
+ xsrf_time_ll = strtoll(time_str, &p, 10);
+ if (errno != 0) {
+ return false;
+ }
+ if (p == NULL) {
+ return false;
+ }
+ if (PTR_DIFF(p, time_str) > strlen(time_str)) {
+ return false;
+ }
+ if (xsrf_time_ll > _TYPE_MAXIMUM(time_t)) {
+ return false;
+ }
+ if (xsrf_time_ll < _TYPE_MINIMUM(time_t)) {
+ return false;
+ }
+ xsrf_time = xsrf_time_ll;
+
+ if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
+ return false;
+ }
- get_xsrf_token(username, pass, formname, expected);
+ get_xsrf_token(username, pass, formname, xsrf_time, expected);
return (strncmp(expected, token, sizeof(expected)) == 0);
}
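Review bot: Two of the added checks after `strtoll` can never fire, and the age test goes through `abs()`, which takes an `int`. `p` is never NULL after `strtoll`, and `PTR_DIFF(p, time_str)` cannot exceed `strlen(time_str)`, so an empty value or one with trailing garbage is parsed as a number instead of being rejected; the usual test is `p == time_str || *p != '\0'`. Where `time_t` is wider than `int`, `abs(now - xsrf_time)` truncates the difference, so a stamp far outside the window can wrap to a small value and pass, and the subtraction itself can overflow for extreme inputs. Comparing directly avoids both and also rejects future stamps, which should not occur if the same host issues and verifies the form. The declaration of `expected` and the function's opening brace are outside the hunk.

```c
	errno = 0;
	xsrf_time_ll = strtoll(time_str, &p, 10);
	/* no digits consumed, trailing characters, or out of long long range */
	if (errno != 0 || p == time_str || *p != '\0') {
		return false;
	}
	/* … unchanged: _TYPE_MAXIMUM / _TYPE_MINIMUM range checks … */
	xsrf_time = xsrf_time_ll;

	/* accept only stamps issued within the last XSRF_TIMEOUT seconds */
	if (xsrf_time > now || xsrf_time < now - XSRF_TIMEOUT) {
		return false;
	}
```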
break;
case P_INTEGER:
+ case P_BYTES:
printf("<input type=text size=8 name=\"parm_%s\" value=\"%d\">", make_parm_name(parm->label), *(int *)ptr);
printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.value=\'%d\'\">",
_("Set Default"), make_parm_name(parm->label),(int)(parm->def.ivalue));
break;
case P_INTEGER:
+ case P_BYTES:
case P_OCTAL:
if (*(int *)ptr == (int)(parm->def.ivalue)) continue;
break;
}
iNumNonAutoPrintServices = lp_numservices();
if (pcap_cache_loaded()) {
- load_printers(server_event_context(),
- server_messaging_context());
+ struct tevent_context *ev_ctx;
+ struct messaging_context *msg_ctx;
+
+ ev_ctx = s3_tevent_context_init(NULL);
+ if (ev_ctx == NULL) {
+ printf("s3_tevent_context_init() failed\n");
+ return 0;
+ }
+ msg_ctx = messaging_init(ev_ctx, ev_ctx);
+ if (msg_ctx == NULL) {
+ printf("messaging_init() failed\n");
+ return 0;
+ }
+
+ load_printers(ev_ctx, msg_ctx);
+
+ talloc_free(ev_ctx);
}
return 1;
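Review bot: The `messaging_init()` failure path returns without releasing `ev_ctx`, which is only freed after `load_printers()` on the success path. Since `msg_ctx` is allocated with `ev_ctx` as its talloc parent, one `talloc_free(ev_ctx);` before that `return 0;` covers both. The same block is repeated in the next hunk and needs the same line. The two `printf` diagnostics go to stdout, which in a CGI presumably ends up in the HTTP response; if that is not intended, a debug log call would be the safer place for them. The enclosing function starts outside the hunk.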
load_interfaces();
iNumNonAutoPrintServices = lp_numservices();
if (pcap_cache_loaded()) {
- load_printers(server_event_context(),
- server_messaging_context());
+ struct tevent_context *ev_ctx;
+ struct messaging_context *msg_ctx;
+
+ ev_ctx = s3_tevent_context_init(NULL);
+ if (ev_ctx == NULL) {
+ printf("s3_tevent_context_init() failed\n");
+ return 0;
+ }
+ msg_ctx = messaging_init(ev_ctx, ev_ctx);
+ if (msg_ctx == NULL) {
+ printf("messaging_init() failed\n");
+ return 0;
+ }
+
+ load_printers(ev_ctx, msg_ctx);
+
+ talloc_free(ev_ctx);
}
cgi_setup(get_dyn_SWATDIR(), !demo_mode);