Changeset 745 for trunk/server/source3/web/cgi.c

Timestamp:

Nov 27, 2012, 4:43:17 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.0

Location:

trunk/server

Files:

• . (modified) (1 prop)
• source3/web/cgi.c (modified) (15 diffs)

trunk/server/source3/web/cgi.c

@@ -2 +2 @@
    some simple CGI helper routines
    Copyright (C) Andrew Tridgell 1997-1998
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
@@ -19 +19 @@
 
 #include "includes.h"
+
+
 #include "web/swat_proto.h"
+
+
 #include "secrets.h"
-#include "../lib/util/util.h"
 
 #define MAX_VARIABLES 10000
@@ -57 +60 @@
         while ((*cl)) {
                 int c;
-        
+
                 if (i == len) {
                         char *ret2;
@@ -66 +69 @@
                         ret = ret2;
                 }
-        
+
                 c = fgetc(f);
                 (*cl)--;
@@ -74 +77 @@
                         break;
                 }
-                
+
                 if (c == '\r') continue;
 
@@ -82 +85 @@
 
         }
-        
+
         if (ret) {
                 ret[i] = 0;
@@ -136 +139 @@
                         p = strchr_m(line,'=');
                         if (!p) continue;
-                        
+
                         *p = 0;
-                        
+
                         variables[num_variables].name = SMB_STRDUP(line);
                         variables[num_variables].value = SMB_STRDUP(p+1);
 
                         SAFE_FREE(line);
-                        
+
                         if (!variables[num_variables].name || 
                             !variables[num_variables].value)
@@ -158 +161 @@
                                variables[num_variables].value);
 #endif
-                        
+
                         num_variables++;
                         if (num_variables == MAX_VARIABLES) break;
@@ -173 +176 @@
                         p = strchr_m(tok,'=');
                         if (!p) continue;
-                        
+
                         *p = 0;
-                        
+
                         variables[num_variables].name = SMB_STRDUP(tok);
                         variables[num_variables].value = SMB_STRDUP(p+1);
@@ -319 +322 @@
 
 #ifndef __OS2__
-        pwd = Get_Pwnam_alloc(talloc_autofree_context(), user);
-        
+        pwd = Get_Pwnam_alloc(talloc_tos(), user);
         if (!pwd) {
                 printf("%sCannot find user %s<br>%s\n", head, user, tail);
@@ -332 +334 @@
                 if (C_pass == NULL) {
                         char *tmp_pass = NULL;
-                        tmp_pass = generate_random_str(talloc_tos(), 16);
+                        tmp_pass = generate_random_password(talloc_tos(),
+                                                            16, 16);
                         if (tmp_pass == NULL) {
                                 printf("%sFailed to create random nonce for "
@@ -362 +365 @@
         fstring user, user_pass;
         struct passwd *pass = NULL;
+
+
 
         if (!strnequal(line,"Basic ", 6)) {
@@ -389 +394 @@
          * Try and get the user from the UNIX password file.
          */
-        
-        pass = Get_Pwnam_alloc(talloc_autofree_context(), user);
-        
+
+        pass = Get_Pwnam_alloc(talloc_tos(), user);
+
+        rhost = client_name(1);
+        if (strequal(rhost,"UNKNOWN"))
+                rhost = client_addr(1, addr, sizeof(addr));
+
         /*
          * Validate the password they have given.
          */
-        
-        if NT_STATUS_IS_OK(pass_check(pass, user, user_pass, 
-                      strlen(user_pass), NULL, False)) {
-                
+
+        if NT_STATUS_IS_OK(pass_check(pass, user, rhost, user_pass, false)) {
                 if (pass) {
                         /*
                          * Password was ok.
                          */
-                        
+
                         if ( initgroups(pass->pw_name, pass->pw_gid) != 0 )
                                 goto err;
 
                         become_user_permanently(pass->pw_uid, pass->pw_gid);
-                        
+
                         /* Save the users name */
                         C_user = SMB_STRDUP(user);
@@ -416 +423 @@
                 }
         }
-        
+
 err:
         cgi_setup_error("401 Bad Authorization", 
@@ -539 +546 @@
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 
 /**