-rw-r--r-- | source/web/cgi.c | 18 | ||||
-rw-r--r-- | source/web/swat.c | 1 |
2 files changed, 17 insertions, 2 deletions
diff --git a/source/web/cgi.c b/source/web/cgi.c
index ccdc3a73e4d..890ac8e66a6 100644
--- a/source/web/cgi.c
+++ b/source/web/cgi.c
@@ -19,6 +19,7 @@
 #include "includes.h"
 #include "web/swat_proto.h"
+#include "secrets.h"
 #define MAX_VARIABLES 10000
@@ -321,7 +322,22 @@ static void cgi_web_auth(void)
 exit(0);
 }
- setuid(0);
+ C_user = SMB_STRDUP(user);
+
+ if (!setuid(0)) {
+ C_pass = secrets_fetch_generic("root", "SWAT");
+ if (C_pass == NULL) {
+ char *tmp_pass = NULL;
+ tmp_pass = generate_random_str(16);
+ if (tmp_pass == NULL) {
+ printf("%sFailed to create random nonce for "
+ "SWAT session\n<br>%s\n", head, tail);
+ exit(0);
+ }
+ secrets_store_generic("root", "SWAT", tmp_pass);
+ C_pass = SMB_STRDUP(tmp_pass);
+ }
+ }
 setuid(pwd->pw_uid);
 if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
 printf("%sFailed to become user %s - uid=%d/%d<br>%s\n",
diff --git a/source/web/swat.c b/source/web/swat.c
index 50df66e66c7..146f1cf7d2d 100644
--- a/source/web/swat.c
+++ b/source/web/swat.c
@@ -29,7 +29,6 @@
 #include "includes.h"
 #include "web/swat_proto.h"
-#include "../lib/crypto/md5.h"
 static int demo_mode = False;
 static int passwd_only = False; |
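Review bot: The result of `secrets_store_generic("root", "SWAT", tmp_pass)` in the new `C_pass == NULL` branch of the cgi.c hunk is ignored, so if the write to the secrets store fails this process keeps a nonce that no later request can fetch, and each request would generate a different one. Check it and fail the same way the `generate_random_str` path does, e.g. `if (!secrets_store_generic("root", "SWAT", tmp_pass)) { printf("%sFailed to store SWAT session nonce\n<br>%s\n", head, tail); exit(0); }` (this assumes the call returns a success flag; confirm against secrets.h). The fetch-then-store sequence is also not atomic, so two concurrent first requests can each store a different value; re-fetching after the store, or doing both under one lock or transaction, would keep every process on the same nonce. When `setuid(0)` fails the whole block is skipped and `C_pass` keeps whatever value it had before, which code outside this hunk has to tolerate; cgi_web_auth's body starts and ends outside the hunk.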