mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
Added the security changes suggested by Andrew - become the
user that authenticated to swat permanently (if not root).
Jeremy.
(This used to be commit 7d55bf3791
)
This commit is contained in:
parent
84c10df026
commit
b0a2e2e778
@ -2657,4 +2657,5 @@ void status_page(void);
|
|||||||
|
|
||||||
/*The following definitions come from web/swat.c */
|
/*The following definitions come from web/swat.c */
|
||||||
|
|
||||||
|
BOOL become_user_permanently(uid_t uid, gid_t gid);
|
||||||
#endif /* _PROTO_H_ */
|
#endif /* _PROTO_H_ */
|
||||||
|
@ -293,29 +293,83 @@ static void base64_decode(char *s)
|
|||||||
/***************************************************************************
|
/***************************************************************************
|
||||||
handle a http authentication line
|
handle a http authentication line
|
||||||
***************************************************************************/
|
***************************************************************************/
|
||||||
static int cgi_handle_authorization(char *line)
|
static BOOL cgi_handle_authorization(char *line)
|
||||||
{
|
{
|
||||||
char *p, *user, *pass;
|
char *p, *user, *user_pass;
|
||||||
|
struct passwd *pass = NULL;
|
||||||
|
int ret = False;
|
||||||
|
|
||||||
if (strncasecmp(line,"Basic ", 6)) {
|
if (strncasecmp(line,"Basic ", 6)) {
|
||||||
cgi_setup_error("401 Bad Authorization", "",
|
cgi_setup_error("401 Bad Authorization", "",
|
||||||
"Only basic authorization is understood");
|
"Only basic authorization is understood");
|
||||||
|
return False;
|
||||||
}
|
}
|
||||||
line += 6;
|
line += 6;
|
||||||
while (line[0] == ' ') line++;
|
while (line[0] == ' ') line++;
|
||||||
base64_decode(line);
|
base64_decode(line);
|
||||||
if (!(p=strchr(line,':'))) {
|
if (!(p=strchr(line,':'))) {
|
||||||
|
/*
|
||||||
|
* Always give the same error so a cracker
|
||||||
|
* cannot tell why we fail.
|
||||||
|
*/
|
||||||
cgi_setup_error("401 Bad Authorization", "",
|
cgi_setup_error("401 Bad Authorization", "",
|
||||||
"username/password must be supplied");
|
"username/password must be supplied");
|
||||||
|
return False;
|
||||||
}
|
}
|
||||||
*p = 0;
|
*p = 0;
|
||||||
user = line;
|
user = line;
|
||||||
pass = p+1;
|
user_pass = p+1;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Try and get the user from the UNIX password file.
|
||||||
|
*/
|
||||||
|
|
||||||
|
if(!(pass = Get_Pwnam(user,False))) {
|
||||||
|
/*
|
||||||
|
* Always give the same error so a cracker
|
||||||
|
* cannot tell why we fail.
|
||||||
|
*/
|
||||||
|
cgi_setup_error("401 Bad Authorization", "",
|
||||||
|
"username/password must be supplied");
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Validate the password they have given.
|
||||||
|
*/
|
||||||
|
|
||||||
|
if((ret = pass_check(user, user_pass, strlen(user_pass), NULL, NULL)) == True) {
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Password was ok.
|
||||||
|
*/
|
||||||
|
|
||||||
|
if(pass->pw_uid != 0) {
|
||||||
|
/*
|
||||||
|
* We have not authenticated as root,
|
||||||
|
* become the user *permanently*.
|
||||||
|
*/
|
||||||
|
if(!become_user_permanently(pass->pw_uid, pass->pw_gid)) {
|
||||||
|
/*
|
||||||
|
* Always give the same error so a cracker
|
||||||
|
* cannot tell why we fail.
|
||||||
|
*/
|
||||||
|
cgi_setup_error("401 Bad Authorization", "",
|
||||||
|
"username/password must be supplied");
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* On exit from here we are the authenticated
|
||||||
|
* user - no way back.
|
||||||
|
*/
|
||||||
|
}
|
||||||
|
|
||||||
/* Save the users name */
|
/* Save the users name */
|
||||||
C_user = strdup(user);
|
C_user = strdup(user);
|
||||||
|
}
|
||||||
|
|
||||||
return pass_check(user, pass, strlen(pass), NULL, NULL);
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/***************************************************************************
|
/***************************************************************************
|
||||||
@ -323,7 +377,7 @@ is this root?
|
|||||||
***************************************************************************/
|
***************************************************************************/
|
||||||
BOOL am_root(void)
|
BOOL am_root(void)
|
||||||
{
|
{
|
||||||
if ((C_user) && (strcmp(C_user,"root") == 0)) {
|
if (geteuid() == 0) {
|
||||||
return( True);
|
return( True);
|
||||||
} else {
|
} else {
|
||||||
return( False);
|
return( False);
|
||||||
@ -393,7 +447,7 @@ run as a true cgi program by a web browser or is itself a mini web server
|
|||||||
***************************************************************************/
|
***************************************************************************/
|
||||||
void cgi_setup(char *rootdir, int auth_required)
|
void cgi_setup(char *rootdir, int auth_required)
|
||||||
{
|
{
|
||||||
int authenticated = 0;
|
BOOL authenticated = False;
|
||||||
char line[1024];
|
char line[1024];
|
||||||
char *url=NULL;
|
char *url=NULL;
|
||||||
char *p;
|
char *p;
|
||||||
|
@ -771,76 +771,64 @@ static BOOL talk_to_smbpasswd(char *old, char *new)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
become the specified uid
|
become the specified uid - permanently !
|
||||||
****************************************************************************/
|
****************************************************************************/
|
||||||
static BOOL become_uid(uid_t uid)
|
|
||||||
|
BOOL become_user_permanently(uid_t uid, gid_t gid)
|
||||||
{
|
{
|
||||||
#ifdef HAVE_TRAPDOOR_UID
|
|
||||||
#ifdef HAVE_SETUIDX
|
if (geteuid() != 0) {
|
||||||
/* AIX3 has setuidx which is NOT a trapoor function (tridge) */
|
return(True);
|
||||||
if (setuidx(ID_EFFECTIVE, uid) != 0) {
|
}
|
||||||
if (seteuid(uid) != 0) {
|
|
||||||
printf("<p> Can't set uid %d (setuidx)\n", (int)uid);
|
/* now completely lose our privilages. This is a fairly paranoid
|
||||||
|
way of doing it, but it does work on all systems that I know of */
|
||||||
|
|
||||||
|
#ifdef HAVE_SETRESUID
|
||||||
|
/*
|
||||||
|
* Firstly ensure all our uids are set to root.
|
||||||
|
*/
|
||||||
|
setresgid(0,0,0);
|
||||||
|
setresuid(0,0,0);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Now ensure we change all our gids.
|
||||||
|
*/
|
||||||
|
setresgid(gid,gid,gid);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Now ensure all the uids are the user.
|
||||||
|
*/
|
||||||
|
setresuid(uid,uid,uid);
|
||||||
|
#else
|
||||||
|
/*
|
||||||
|
* Firstly ensure all our uids are set to root.
|
||||||
|
*/
|
||||||
|
setuid(0);
|
||||||
|
seteuid(0);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Now ensure we change all our gids.
|
||||||
|
*/
|
||||||
|
setgid(gid);
|
||||||
|
setegid(gid);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Now ensure all the uids are the user.
|
||||||
|
*/
|
||||||
|
setuid(uid);
|
||||||
|
seteuid(uid);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (getuid() != uid || geteuid() != uid ||
|
||||||
|
getgid() != gid || getegid() != gid) {
|
||||||
|
/* We failed to lose our privilages. */
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef HAVE_SETRESUID
|
|
||||||
if (setresuid(-1,uid,-1) != 0)
|
|
||||||
#else
|
|
||||||
if ((seteuid(uid) != 0) && (setuid(uid) != 0))
|
|
||||||
#endif
|
|
||||||
{
|
|
||||||
printf("<p> Couldn't set uid %d currently set to (uid %d, euid %d)\n",
|
|
||||||
(int)uid,(int)getuid(), (int)geteuid());
|
|
||||||
if (uid > (uid_t)32000) {
|
|
||||||
printf("<p> Looks like your OS doesn't like high uid values - try using a different account\n");
|
|
||||||
|
|
||||||
}
|
|
||||||
return(False);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (((uid == (uid_t)-1) || ((sizeof(uid_t) == 2) && (uid == 65535))) &&
|
|
||||||
(geteuid() != uid)) {
|
|
||||||
printf("<p> Invalid uid -1. perhaps you have a account with uid 65535?\n");
|
|
||||||
return(False);
|
|
||||||
}
|
|
||||||
|
|
||||||
return(True);
|
return(True);
|
||||||
}
|
}
|
||||||
|
|
||||||
/****************************************************************************
|
|
||||||
become the specified gid
|
|
||||||
****************************************************************************/
|
|
||||||
static BOOL become_gid(gid_t gid)
|
|
||||||
{
|
|
||||||
#ifdef HAVE_SETRESUID
|
|
||||||
if (setresgid(-1,gid,-1) != 0)
|
|
||||||
#else
|
|
||||||
if (setgid(gid) != 0)
|
|
||||||
#endif
|
|
||||||
{
|
|
||||||
printf("<p> Couldn't set gid %d currently set to (gid %d, egid %d)\n",
|
|
||||||
(int)gid,(int)getgid(),(int)getegid());
|
|
||||||
if (gid > 32000) {
|
|
||||||
printf("<p> Looks like your OS doesn't like high gid values - try using a different account\n");
|
|
||||||
}
|
|
||||||
return(False);
|
|
||||||
}
|
|
||||||
|
|
||||||
return(True);
|
|
||||||
}
|
|
||||||
|
|
||||||
/****************************************************************************
|
|
||||||
become the specified uid and gid
|
|
||||||
****************************************************************************/
|
|
||||||
static BOOL become_id(uid_t uid,gid_t gid)
|
|
||||||
{
|
|
||||||
return(become_gid(gid) && become_uid(uid));
|
|
||||||
}
|
|
||||||
|
|
||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
do the stuff required to add or change a password
|
do the stuff required to add or change a password
|
||||||
****************************************************************************/
|
****************************************************************************/
|
||||||
@ -881,19 +869,6 @@ static void chg_passwd(void)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Get the UID/GID of the user, and become that user */
|
|
||||||
if (am_root() == False) {
|
|
||||||
pass = Get_Pwnam(cgi_variable(user),True);
|
|
||||||
if (pass == NULL) {
|
|
||||||
printf("<p> User uid unknown \n");
|
|
||||||
} else {
|
|
||||||
if (become_id(pass->pw_uid, pass->pw_gid) == False) {
|
|
||||||
printf("<p> uid/gid set failed \n");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef SWAT_DEBUG
|
#ifdef SWAT_DEBUG
|
||||||
if (pass) printf("<p> User uid %d gid %d \n", pass->pw_uid, pass->pw_gid);
|
if (pass) printf("<p> User uid %d gid %d \n", pass->pw_uid, pass->pw_gid);
|
||||||
printf("<p> Processes uid %d, euid %d, gid %d, egid %d \n",getuid(),geteuid(),getgid(),getegid());
|
printf("<p> Processes uid %d, euid %d, gid %d, egid %d \n",getuid(),geteuid(),getgid(),getegid());
|
||||||
@ -1138,4 +1113,3 @@ static void printers_page(void)
|
|||||||
print_footer();
|
print_footer();
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user