From 21d43b8594f9ea1eb204f2716bdd34581bb01ccf Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Tue, 12 Jul 2011 08:08:24 +0200 Subject: [PATCH] s3 swat: Create random nonce in CGI mode In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin (cherry picked from commit 589bc35590aebfdd20fe786c08005bb43ef47d94) --- source3/web/cgi.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/source3/web/cgi.c b/source3/web/cgi.c index 5b35f117c20..ef1b8562fa7 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -23,6 +23,7 @@ #include "web/swat_proto.h" #include "intl/lang_tdb.h" #include "auth.h" +#include "secrets.h" #define MAX_VARIABLES 10000 @@ -325,7 +326,24 @@ static void cgi_web_auth(void) exit(0); } - setuid(0); + C_user = SMB_STRDUP(user); + + if (!setuid(0)) { + C_pass = secrets_fetch_generic("root", "SWAT"); + if (C_pass == NULL) { + char *tmp_pass = NULL; + tmp_pass = generate_random_password(talloc_tos(), + 16, 16); + if (tmp_pass == NULL) { + printf("%sFailed to create random nonce for " + "SWAT session\n
%s\n", head, tail); + exit(0); + } + secrets_store_generic("root", "SWAT", tmp_pass); + C_pass = SMB_STRDUP(tmp_pass); + TALLOC_FREE(tmp_pass); + } + } setuid(pwd->pw_uid); if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) { printf("%sFailed to become user %s - uid=%d/%d
%s\n", -- 2.11.4.GIT