X-Git-Url: http://git.samba.org/samba.git/?p=kai%2Fsamba.git;a=blobdiff_plain;f=source3%2Fweb%2Fswat.c;h=1e676a5aecc90b2da8c9e42258506b975cb13df8;hp=d1fd0b4f9bc702d6128e23e84a0517d71903d84d;hb=666dba33531c7e7d391318c915fb393ec5b1da36;hpb=4340b7cea74203799f7cd5d2457cbe062b42425c
diff --git a/source3/web/swat.c b/source3/web/swat.c
index d1fd0b4f9bc..1e676a5aecc 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -4,20 +4,19 @@
Version 3.0.0
Copyright (C) Andrew Tridgell 1997-2002
Copyright (C) John H Terpstra 2002
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see .
*/
/**
@@ -29,12 +28,21 @@
**/
#include "includes.h"
+#include "system/filesys.h"
+#include "popt_common.h"
#include "web/swat_proto.h"
-
-static BOOL demo_mode = False;
-static BOOL passwd_only = False;
-static BOOL have_write_access = False;
-static BOOL have_read_access = False;
+#include "printing/pcap.h"
+#include "printing/load.h"
+#include "passdb.h"
+#include "intl/lang_tdb.h"
+#include "../lib/crypto/md5.h"
+#include "lib/param/loadparm.h"
+#include "messages.h"
+
+static int demo_mode = False;
+static int passwd_only = False;
+static bool have_write_access = False;
+static bool have_read_access = False;
static int iNumNonAutoPrintServices = 0;
/*
@@ -51,7 +59,11 @@ static int iNumNonAutoPrintServices = 0;
#define DISABLE_USER_FLAG "disable_user_flag"
#define ENABLE_USER_FLAG "enable_user_flag"
#define RHOST "remote_host"
+#define XSRF_TOKEN "xsrf"
+#define XSRF_TIME "xsrf_time"
+#define XSRF_TIMEOUT 300
+#define _(x) lang_msg_rotate(talloc_tos(),x)
/****************************************************************************
****************************************************************************/
@@ -77,21 +89,35 @@ static char *fix_backslash(const char *str)
return newstring;
}
-static char *fix_quotes(const char *str)
+static const char *fix_quotes(TALLOC_CTX *ctx, char *str)
{
- static pstring newstring;
- char *p = newstring;
- size_t newstring_len = sizeof(newstring);
+ char *newstring = NULL;
+ char *p = NULL;
+ size_t newstring_len;
int quote_len = strlen(""");
- while (*str) {
- if ( *str == '\"' && (newstring_len - PTR_DIFF(p, newstring) - 1) > quote_len ) {
- strncpy( p, """, quote_len);
+ /* Count the number of quotes. */
+ newstring_len = 1;
+ p = (char *) str;
+ while (*p) {
+ if ( *p == '\"') {
+ newstring_len += quote_len;
+ } else {
+ newstring_len++;
+ }
+ ++p;
+ }
+ newstring = talloc_array(ctx, char, newstring_len);
+ if (!newstring) {
+ return "";
+ }
+ for (p = newstring; *str; str++) {
+ if ( *str == '\"') {
+ strncpy( p, """, quote_len);
p += quote_len;
} else {
*p++ = *str;
}
- ++str;
}
*p = '\0';
return newstring;
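Review bot: On allocation failure the new fix_quotes() falls back to `return "";`, and its caller in show_parameter prints the result as the field's value, so under memory pressure the form would presumably show an empty setting that a later commit could write back. Returning NULL and letting the caller skip the field would make the failure visible, though that touches callers outside this hunk. The `str` parameter is never written through, so it can be declared `const char *str`, which also removes the need for the `(char *) str` cast in the counting loop. The function's closing brace lies outside the hunk.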
@@ -103,7 +129,7 @@ static char *stripspaceupper(const char *str)
char *p = newstring;
while (*str) {
- if (*str != ' ') *p++ = toupper_ascii(*str);
+ if (*str != ' ') *p++ = toupper_m(*str);
++str;
}
*p = '\0';
@@ -124,6 +150,90 @@ static char *make_parm_name(const char *label)
return parmname;
}
+void get_xsrf_token(const char *username, const char *pass,
+ const char *formname, time_t xsrf_time, char token_str[33])
+{
+ struct MD5Context md5_ctx;
+ uint8_t token[16];
+ int i;
+
+ token_str[0] = '\0';
+ ZERO_STRUCT(md5_ctx);
+ MD5Init(&md5_ctx);
+
+ MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
+ MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(time_t));
+ if (username != NULL) {
+ MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
+ }
+ if (pass != NULL) {
+ MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
+ }
+
+ MD5Final(token, &md5_ctx);
+
+ for(i = 0; i < sizeof(token); i++) {
+ char tmp[3];
+
+ snprintf(tmp, sizeof(tmp), "%02x", token[i]);
+ /* FIXME ! Truncate check. JRA. */
+ (void)strlcat(token_str, tmp, sizeof(tmp));
+ }
+}
+
+void print_xsrf_token(const char *username, const char *pass,
+ const char *formname)
+{
+ char token[33];
+ time_t xsrf_time = time(NULL);
+
+ get_xsrf_token(username, pass, formname, xsrf_time, token);
+ printf("\n",
+ XSRF_TOKEN, token);
+ printf("\n",
+ XSRF_TIME, (long long int)xsrf_time);
+}
+
+bool verify_xsrf_token(const char *formname)
+{
+ char expected[33];
+ const char *username = cgi_user_name();
+ const char *pass = cgi_user_pass();
+ const char *token = cgi_variable_nonull(XSRF_TOKEN);
+ const char *time_str = cgi_variable_nonull(XSRF_TIME);
+ char *p = NULL;
+ long long xsrf_time_ll = 0;
+ time_t xsrf_time = 0;
+ time_t now = time(NULL);
+
+ errno = 0;
+ xsrf_time_ll = strtoll(time_str, &p, 10);
+ if (errno != 0) {
+ return false;
+ }
+ if (p == NULL) {
+ return false;
+ }
+ if (PTR_DIFF(p, time_str) > strlen(time_str)) {
+ return false;
+ }
+ if (xsrf_time_ll > _TYPE_MAXIMUM(time_t)) {
+ return false;
+ }
+ if (xsrf_time_ll < _TYPE_MINIMUM(time_t)) {
+ return false;
+ }
+ xsrf_time = xsrf_time_ll;
+
+ if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
+ return false;
+ }
+
+ get_xsrf_token(username, pass, formname, xsrf_time, expected);
+ return (strncmp(expected, token, sizeof(expected)) == 0);
+}
+
+
/****************************************************************************
include a lump of html in a page
****************************************************************************/
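Review bot: In get_xsrf_token the size handed to strlcat() is that of the 3-byte scratch buffer, not of the destination: `(void)strlcat(token_str, tmp, sizeof(tmp));` stops appending once token_str holds two characters, so the token that verify_xsrf_token compares carries only the first MD5 byte (256 possible values) instead of 32 hex digits. Pass the destination size, e.g. `(void)strlcat(token_str, tmp, 33);` or a named constant shared with the `char token_str[33]` declarations (sizeof(token_str) would not work, because the array parameter decays to a pointer). In verify_xsrf_token, `abs(now - xsrf_time)` takes an int, so where time_t is 64 bits wide a far-off timestamp can be truncated to a small difference; `llabs((long long)now - xsrf_time_ll)` keeps the full width. The test `PTR_DIFF(p, time_str) > strlen(time_str)` can never be true; `p == time_str || *p != '\0'` is what rejects an empty value or trailing garbage.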
@@ -142,7 +252,9 @@ static int include_html(const char *fname)
}
while ((ret = read(fd, buf, sizeof(buf))) > 0) {
- write(1, buf, ret);
+ if (write(1, buf, ret) == -1) {
+ break;
+ }
}
close(fd);
@@ -180,25 +292,24 @@ static void print_header(void)
"i18n_translated_parm" class is used to change the color of the
translated parameter with CSS.
**************************************************************** */
-static const char* get_parm_translated(
+static const char *get_parm_translated(TALLOC_CTX *ctx,
const char* pAnchor, const char* pHelp, const char* pLabel)
{
- const char* pTranslated = _(pLabel);
- static pstring output;
- if(strcmp(pLabel, pTranslated) != 0)
- {
- pstr_sprintf(output,
+ const char *pTranslated = _(pLabel);
+ char *output;
+ if(strcmp(pLabel, pTranslated) != 0) {
+ output = talloc_asprintf(ctx,
" %s %s
%s",
pAnchor, pHelp, pLabel, pTranslated);
return output;
}
- pstr_sprintf(output,
+ output = talloc_asprintf(ctx,
" %s %s",
pAnchor, pHelp, pLabel);
return output;
}
/****************************************************************************
- finish off the page
+ finish off the page
****************************************************************************/
static void print_footer(void)
{
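Review bot: Both talloc_asprintf() calls in get_parm_translated can return NULL, and the result is returned unchecked to show_parameter, which feeds it to a `%s` conversion. A guard such as `if (output == NULL) return "";` after each call, or a single shared return path, keeps the page rendering defined under memory pressure. The function comment could also state that the returned string is owned by `ctx`, since the static buffer it replaces had a different lifetime.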
@@ -208,19 +319,24 @@ static void print_footer(void)
}
/****************************************************************************
- display one editable parameter in a form
+ display one editable parameter in a form
****************************************************************************/
static void show_parameter(int snum, struct parm_struct *parm)
{
int i;
- void *ptr = parm->ptr;
+ void *ptr;
char *utf8_s1, *utf8_s2;
+ size_t converted_size;
+ TALLOC_CTX *ctx = talloc_stackframe();
if (parm->p_class == P_LOCAL && snum >= 0) {
- ptr = lp_local_ptr(snum, ptr);
+ ptr = lp_local_ptr_by_snum(snum, parm);
+ } else {
+ ptr = lp_parm_ptr(NULL, parm);
}
- printf("
%s | ", get_parm_translated(stripspaceupper(parm->label), _("Help"), parm->label));
+ printf(" |
%s | ", get_parm_translated(ctx,
+ stripspaceupper(parm->label), _("Help"), parm->label));
switch (parm->type) {
case P_CHAR:
printf("",
@@ -237,16 +353,16 @@ static void show_parameter(int snum, struct parm_struct *parm)
for (;*list;list++) {
/* enclose in HTML encoded quotes if the string contains a space */
if ( strchr_m(*list, ' ') ) {
- push_utf8_allocate(&utf8_s1, *list);
- push_utf8_allocate(&utf8_s2, ((*(list+1))?", ":""));
+ push_utf8_talloc(talloc_tos(), &utf8_s1, *list, &converted_size);
+ push_utf8_talloc(talloc_tos(), &utf8_s2, ((*(list+1))?", ":""), &converted_size);
printf(""%s"%s", utf8_s1, utf8_s2);
} else {
- push_utf8_allocate(&utf8_s1, *list);
- push_utf8_allocate(&utf8_s2, ((*(list+1))?", ":""));
+ push_utf8_talloc(talloc_tos(), &utf8_s1, *list, &converted_size);
+ push_utf8_talloc(talloc_tos(), &utf8_s2, ((*(list+1))?", ":""), &converted_size);
printf("%s%s", utf8_s1, utf8_s2);
}
- SAFE_FREE(utf8_s1);
- SAFE_FREE(utf8_s2);
+ TALLOC_FREE(utf8_s1);
+ TALLOC_FREE(utf8_s2);
}
}
printf("\">");
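Review bot: The return value of push_utf8_talloc() is ignored at all four calls in this P_LIST loop, and utf8_s1/utf8_s2 are declared without initialisers, so a failed conversion would presumably leave printf() reading a pointer that was never set. Initialise both to NULL at the declaration and skip the entry on failure, e.g. `if (!push_utf8_talloc(talloc_tos(), &utf8_s1, *list, &converted_size)) continue;`. The same unchecked call appears in the P_STRING/P_USTRING case of the later show_parameter hunk, where the result goes straight into fix_quotes(), which dereferences it. The loop header and the declarations sit outside this hunk.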
@@ -256,7 +372,7 @@ static void show_parameter(int snum, struct parm_struct *parm)
char **list = (char **)(parm->def.lvalue);
for (; *list; list++) {
/* enclose in HTML encoded quotes if the string contains a space */
- if ( strchr_m(*list, ' ') )
+ if ( strchr_m(*list, ' ') )
printf(""%s"%s", *list, ((*(list+1))?", ":""));
else
printf("%s%s", *list, ((*(list+1))?", ":""));
@@ -267,54 +383,52 @@ static void show_parameter(int snum, struct parm_struct *parm)
case P_STRING:
case P_USTRING:
- push_utf8_allocate(&utf8_s1, *(char **)ptr);
- printf("",
- make_parm_name(parm->label), fix_quotes(utf8_s1));
- SAFE_FREE(utf8_s1);
- printf("",
- _("Set Default"), make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue)));
- break;
-
- case P_GSTRING:
- case P_UGSTRING:
- push_utf8_allocate(&utf8_s1, (char *)ptr);
+ push_utf8_talloc(talloc_tos(), &utf8_s1, *(char **)ptr, &converted_size);
printf("",
- make_parm_name(parm->label), fix_quotes(utf8_s1));
- SAFE_FREE(utf8_s1);
+ make_parm_name(parm->label), fix_quotes(ctx, utf8_s1));
+ TALLOC_FREE(utf8_s1);
printf("",
_("Set Default"), make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue)));
break;
case P_BOOL:
printf("");
printf("",
- _("Set Default"), make_parm_name(parm->label),(BOOL)(parm->def.bvalue)?0:1);
+ _("Set Default"), make_parm_name(parm->label),(bool)(parm->def.bvalue)?0:1);
break;
case P_BOOLREV:
printf("");
printf("",
- _("Set Default"), make_parm_name(parm->label),(BOOL)(parm->def.bvalue)?1:0);
+ _("Set Default"), make_parm_name(parm->label),(bool)(parm->def.bvalue)?1:0);
break;
case P_INTEGER:
+ case P_BYTES:
printf("", make_parm_name(parm->label), *(int *)ptr);
printf("",
_("Set Default"), make_parm_name(parm->label),(int)(parm->def.ivalue));
break;
- case P_OCTAL:
- printf("", make_parm_name(parm->label), octal_string(*(int *)ptr));
- printf("",
- _("Set Default"), make_parm_name(parm->label),
- octal_string((int)(parm->def.ivalue)));
+ case P_OCTAL: {
+ char *o;
+ o = octal_string(*(int *)ptr);
+ printf("",
+ make_parm_name(parm->label), o);
+ TALLOC_FREE(o);
+ o = octal_string((int)(parm->def.ivalue));
+ printf("",
+ _("Set Default"), make_parm_name(parm->label), o);
+ TALLOC_FREE(o);
break;
+ }
case P_ENUM:
printf(" |
\n");
+ TALLOC_FREE(ctx);
}
/****************************************************************************
@@ -358,10 +473,11 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte
if (!( parm_filter & FLAG_ADVANCED )) {
if (!(parm->flags & FLAG_BASIC)) {
- void *ptr = parm->ptr;
-
+ void *ptr;
if (parm->p_class == P_LOCAL && snum >= 0) {
- ptr = lp_local_ptr(snum, ptr);
+ ptr = lp_local_ptr_by_snum(snum, parm);
+ } else {
+ ptr = lp_parm_ptr(NULL, parm);
}
switch (parm->type) {
@@ -370,7 +486,8 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte
break;
case P_LIST:
- if (!str_list_compare(*(char ***)ptr, (char **)(parm->def.lvalue))) continue;
+ if (!str_list_equal(*(const char ***)ptr,
+ (const char **)(parm->def.lvalue))) continue;
break;
case P_STRING:
@@ -378,17 +495,13 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte
if (!strcmp(*(char **)ptr,(char *)(parm->def.svalue))) continue;
break;
- case P_GSTRING:
- case P_UGSTRING:
- if (!strcmp((char *)ptr,(char *)(parm->def.svalue))) continue;
- break;
-
case P_BOOL:
case P_BOOLREV:
- if (*(BOOL *)ptr == (BOOL)(parm->def.bvalue)) continue;
+ if (*(bool *)ptr == (bool)(parm->def.bvalue)) continue;
break;
case P_INTEGER:
+ case P_BYTES:
case P_OCTAL:
if (*(int *)ptr == (int)(parm->def.ivalue)) continue;
break;
@@ -405,9 +518,9 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte
}
if ((parm_filter & FLAG_WIZARD) && !(parm->flags & FLAG_WIZARD)) continue;
-
+
if ((parm_filter & FLAG_ADVANCED) && !(parm->flags & FLAG_ADVANCED)) continue;
-
+
if (heading && heading != last_heading) {
printf(" |
%s |
\n", _(heading));
last_heading = heading;
@@ -419,22 +532,25 @@ static void show_parameters(int snum, int allparameters, unsigned int parm_filte
/****************************************************************************
load the smb.conf file into loadparm.
****************************************************************************/
-static BOOL load_config(BOOL save_def)
+static bool load_config(bool save_def)
{
- lp_resetnumservices();
- return lp_load(dyn_CONFIGFILE,False,save_def,False,True);
+ return lp_load(get_dyn_CONFIGFILE(),False,save_def,False,True);
}
/****************************************************************************
write a config file
****************************************************************************/
-static void write_config(FILE *f, BOOL show_defaults)
+static void write_config(FILE *f, bool show_defaults)
{
+ TALLOC_CTX *ctx = talloc_stackframe();
+
fprintf(f, "# Samba config file created using SWAT\n");
fprintf(f, "# from %s (%s)\n", cgi_remote_host(), cgi_remote_addr());
- fprintf(f, "# Date: %s\n\n", timestring(False));
-
+ fprintf(f, "# Date: %s\n\n", current_timestring(ctx, False));
+
lp_dump(f, show_defaults, iNumNonAutoPrintServices);
+
+ TALLOC_FREE(ctx);
}
/****************************************************************************
@@ -445,9 +561,9 @@ static int save_reload(int snum)
FILE *f;
struct stat st;
- f = sys_fopen(dyn_CONFIGFILE,"w");
+ f = fopen(get_dyn_CONFIGFILE(),"w");
if (!f) {
- printf(_("failed to open %s for writing"), dyn_CONFIGFILE);
+ printf(_("failed to open %s for writing"), get_dyn_CONFIGFILE());
printf("\n");
return 0;
}
@@ -458,24 +574,42 @@ static int save_reload(int snum)
#if defined HAVE_FCHMOD
fchmod(fileno(f), S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH);
#else
- chmod(dyn_CONFIGFILE, S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH);
+ chmod(get_dyn_CONFIGFILE(), S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH);
#endif
}
write_config(f, False);
- if (snum)
+ if (snum >= 0)
lp_dump_one(f, False, snum);
fclose(f);
- lp_killunused(NULL);
+ lp_kill_all_services();
if (!load_config(False)) {
- printf(_("Can't reload %s"), dyn_CONFIGFILE);
+ printf(_("Can't reload %s"), get_dyn_CONFIGFILE());
printf("\n");
return 0;
}
iNumNonAutoPrintServices = lp_numservices();
- load_printers();
+ if (pcap_cache_loaded()) {
+ struct tevent_context *ev_ctx;
+ struct messaging_context *msg_ctx;
+
+ ev_ctx = s3_tevent_context_init(NULL);
+ if (ev_ctx == NULL) {
+ printf("s3_tevent_context_init() failed\n");
+ return 0;
+ }
+ msg_ctx = messaging_init(ev_ctx, ev_ctx);
+ if (msg_ctx == NULL) {
+ printf("messaging_init() failed\n");
+ return 0;
+ }
+
+ load_printers(ev_ctx, msg_ctx);
+
+ talloc_free(ev_ctx);
+ }
return 1;
}
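Review bot: The messaging_init() failure path returns without releasing ev_ctx, unlike the success path that ends with `talloc_free(ev_ctx);`; add the same call before that `return 0;`. Both new failure returns also report the whole save as failed although the configuration has by then been written and reloaded, so skipping only the printer reload may describe the outcome more accurately. The two new messages are printed without the `_()` wrapper that the neighbouring messages in this function use. The start of save_reload lies in the previous hunk.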
@@ -510,14 +644,17 @@ static void commit_parameters(int snum)
{
int i = 0;
struct parm_struct *parm;
- pstring label;
+ char *label;
const char *v;
while ((parm = lp_next_parameter(snum, &i, 1))) {
- slprintf(label, sizeof(label)-1, "parm_%s", make_parm_name(parm->label));
- if ((v = cgi_variable(label)) != NULL) {
- if (parm->flags & FLAG_HIDE) continue;
- commit_parameter(snum, parm, v);
+ if (asprintf(&label, "parm_%s", make_parm_name(parm->label)) > 0) {
+ if ((v = cgi_variable(label)) != NULL) {
+ if (parm->flags & FLAG_HIDE)
+ continue;
+ commit_parameter(snum, parm, v);
+ }
+ SAFE_FREE(label);
}
}
}
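Review bot: The `continue` taken for FLAG_HIDE parameters jumps past `SAFE_FREE(label);`, so the string from asprintf() leaks once for every hidden parameter that was submitted. Inverting the test removes the early exit: `if (!(parm->flags & FLAG_HIDE)) commit_parameter(snum, parm, v);`. When asprintf() fails the parameter is skipped silently; a short comment saying this is deliberate would help the next reader.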
@@ -538,7 +675,7 @@ static void image_link(const char *name, const char *hlink, const char *src)
static void show_main_buttons(void)
{
char *p;
-
+
if ((p = cgi_user_name()) && strcmp(p, "root")) {
printf(_("Logged in as %s"), p);
printf("\n");
@@ -580,7 +717,7 @@ static void ViewModeBoxes(int mode)
****************************************************************************/
static void welcome_page(void)
{
- if (file_exist("help/welcome.html", NULL)) {
+ if (file_exist("help/welcome.html")) {
include_html("help/welcome.html");
} else {
include_html("help/welcome-no-samba-doc.html");
@@ -593,13 +730,20 @@ static void welcome_page(void)
static void viewconfig_page(void)
{
int full_view=0;
+ const char form_name[] = "viewconfig";
+
+ if (!verify_xsrf_token(form_name)) {
+ goto output_page;
+ }
if (cgi_variable("full_view")) {
full_view = 1;
}
+output_page:
printf("
%s
\n", _("Current Config"));
printf("