From 3806fec53dcf3b6e5c3fd71917f9d67d47c65e32 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Fri, 8 Jul 2011 12:57:43 +0200 Subject: s3 swat: Add support for anti-XSRF token Signed-off-by: Kai Blin --- source/web/swat.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++ source/web/swat_proto.h | 5 +++++ 2 files changed, 59 insertions(+) diff --git a/source/web/swat.c b/source/web/swat.c index 434b1ace4ec..e7d84e573df 100644 --- a/source/web/swat.c +++ b/source/web/swat.c @@ -29,6 +29,7 @@ #include "includes.h" #include "web/swat_proto.h" +#include "../lib/crypto/md5.h" static int demo_mode = False; static int passwd_only = False; @@ -50,6 +51,7 @@ static int iNumNonAutoPrintServices = 0; #define DISABLE_USER_FLAG "disable_user_flag" #define ENABLE_USER_FLAG "enable_user_flag" #define RHOST "remote_host" +#define XSRF_TOKEN "xsrf" #define _(x) lang_msg_rotate(talloc_tos(),x) @@ -138,6 +140,58 @@ static char *make_parm_name(const char *label) return parmname; } +void get_xsrf_token(const char *username, const char *pass, + const char *formname, char token_str[33]) +{ + struct MD5Context md5_ctx; + uint8_t token[16]; + int i; + + token_str[0] = '\0'; + ZERO_STRUCT(md5_ctx); + MD5Init(&md5_ctx); + + MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname)); + if (username != NULL) { + MD5Update(&md5_ctx, (uint8_t *)username, strlen(username)); + } + if (pass != NULL) { + MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass)); + } + + MD5Final(token, &md5_ctx); + + for(i = 0; i < sizeof(token); i++) { + char tmp[3]; + + snprintf(tmp, sizeof(tmp), "%02x", token[i]); + strncat(token_str, tmp, sizeof(tmp)); + } +} + +void print_xsrf_token(const char *username, const char *pass, + const char *formname) +{ + char token[33]; + + get_xsrf_token(username, pass, formname, token); + printf("\n", + XSRF_TOKEN, token); + +} + +bool verify_xsrf_token(const char *formname) +{ + char expected[33]; + const char *username = cgi_user_name(); + const char *pass = cgi_user_pass(); + const char *token = cgi_variable_nonull(XSRF_TOKEN); + + get_xsrf_token(username, pass, formname, expected); + return (strncmp(expected, token, sizeof(expected)) == 0); +} + + /**************************************************************************** include a lump of html in a page ****************************************************************************/ diff --git a/source/web/swat_proto.h b/source/web/swat_proto.h index 76f9c3c68f1..e66c9420db5 100644 --- a/source/web/swat_proto.h +++ b/source/web/swat_proto.h @@ -67,5 +67,10 @@ void status_page(void); /* The following definitions come from web/swat.c */ const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid); +void get_xsrf_token(const char *username, const char *pass, + const char *formname, char token_str[33]); +void print_xsrf_token(const char *username, const char *pass, + const char *formname); +bool verify_xsrf_token(const char *formname); #endif /* _SWAT_PROTO_H_ */ -- cgit