#include "web/swat_proto.h"
#include "intl/lang_tdb.h"
#include "auth.h"
+#include "secrets.h"
#define MAX_VARIABLES 10000
static const char *baseurl;
static char *pathinfo;
static char *C_user;
+static char *C_pass;
static bool inetd_server;
static bool got_request;
exit(0);
}
- setuid(0);
+ C_user = SMB_STRDUP(user);
+
+ if (!setuid(0)) {
+ C_pass = secrets_fetch_generic("root", "SWAT");
+ if (C_pass == NULL) {
+ char *tmp_pass = NULL;
+ tmp_pass = generate_random_password(talloc_tos(),
+ 16, 16);
+ if (tmp_pass == NULL) {
+ printf("%sFailed to create random nonce for "
+ "SWAT session\n<br>%s\n", head, tail);
+ exit(0);
+ }
+ secrets_store_generic("root", "SWAT", tmp_pass);
+ C_pass = SMB_STRDUP(tmp_pass);
+ TALLOC_FREE(tmp_pass);
+ }
+ }
setuid(pwd->pw_uid);
if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
printf("%sFailed to become user %s - uid=%d/%d<br>%s\n",
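Review bot: The return value of `secrets_store_generic("root", "SWAT", tmp_pass)` is ignored, so if the write to the secrets database fails, each request silently generates a fresh nonce and anything derived from it will not match on the next request. Handling it like the `generate_random_password()` failure just above would make that visible, e.g. `if (!secrets_store_generic("root", "SWAT", tmp_pass)) { printf("%sFailed to store nonce for SWAT session\n<br>%s\n", head, tail); exit(0); }`. Separately, when `setuid(0)` fails `C_pass` stays NULL, so `cgi_user_pass()` (added later in this patch) can return NULL; its callers need to handle that, and a comment on the accessor should say so. The temporary copy is also released with `TALLOC_FREE(tmp_pass)` without being wiped first. The enclosing function starts and ends outside this hunk.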
/* Save the users name */
C_user = SMB_STRDUP(user);
+ C_pass = SMB_STRDUP(user_pass);
TALLOC_FREE(pass);
return True;
}
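Review bot: `C_pass = SMB_STRDUP(user_pass);` keeps the cleartext password from the authentication step in a file-scope static for the rest of the process, while the comment above still reads `/* Save the users name */`. I would update it to something like `/* Save the user's name and password; the password stays in memory until exit and must never be printed or logged */` so the next reader knows the copy is deliberate and sensitive. The duplicate is not checked for NULL here, and `user_pass` is declared outside this hunk, so whether the original buffer is wiped after the copy cannot be seen from these lines. The function starts outside the hunk.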
return(C_user);
}
+/***************************************************************************
+return a ptr to the users password
+ ***************************************************************************/
+char *cgi_user_pass(void)
+{
+ return(C_pass);
+}
/***************************************************************************
handle a file download