From b7af3ce33f4d640d83e3afbe3da487b6782df976 Mon Sep 17 00:00:00 2001
From: Kai Blin <kai@samba.org>
Date: Fri, 8 Jul 2011 15:03:44 +0200
Subject: s3 swat: Add XSRF protection to wizard page

Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit d499c09fc7bf6d86e9694bc8dc60b96c80d94c35)
---
 source3/web/swat.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/source3/web/swat.c b/source3/web/swat.c
index 45a830f4059..88efe8e6754 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -752,6 +752,11 @@ static void wizard_page(void)
 	int have_home = -1;
 	int HomeExpo = 0;
 	int SerType = 0;
+	const char form_name[] = "wizard";
+
+	if (!verify_xsrf_token(form_name)) {
+		goto output_page;
+	}
 
 	if (cgi_variable("Rewrite")) {
 		(void) rewritecfg_file();
@@ -842,10 +847,12 @@ static void wizard_page(void)
 		winstype = 3;
 
 	role = lp_server_role();
-	
+
+output_page:
 	/* Here we go ... */
 	printf("<H2>%s</H2>\n", _("Samba Configuration Wizard"));
 	printf("<form method=post action=wizard>\n");
+	print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
 
 	if (have_write_access) {
 		printf("%s\n", _("The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."));
-- 
cgit v1.2.1