summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2011-07-26s4-dsdb: Improve the calculation of system flags according to 3.1.1.5.2.4Matthieu Patou1-2/+3
2011-07-26s4-upgradeprovision: Detect recent provision in a more reliable wayMatthieu Patou1-1/+12
2011-07-26s3 swat: Create random nonce in CGI modeKai Blin1-1/+19
In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin <kai@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Jul 26 23:33:24 CEST 2011 on sn-devel-104
2011-07-26s3 swat: Add time component to XSRF tokenKai Blin2-5/+25
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to printer pageKai Blin1-10/+18
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to password pageKai Blin1-3/+8
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to shares pageKai Blin1-5/+13
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to globals pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to wizard pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to wizard_params pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to viewconfig pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to status pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add support for anti-XSRF tokenKai Blin2-0/+59
2011-07-26s3 swat: Allow getting the user's HTTP auth passwordKai Blin2-0/+10
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3-swat: Fix typo.Karolin Seeger1-1/+1
Thanks to Simo for reporting! Karolin (cherry picked from commit 9f73c1990a19daa899fa5345530a867e69a5be94) (cherry picked from commit bcb052c29212954a3ed10c9f095c51e4e0a96af5)
2011-07-26s3 swat: Fix possible XSS attack (bug #8289)Kai Blin1-12/+2
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the "change password" page. This patch fixes the reflection issue by not printing user-specified content on the website anymore. Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26talloc: Support PYTHON environment variable.Jelmer Vernooij1-0/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Jul 26 22:21:30 CEST 2011 on sn-devel-104
2011-07-26s3-build: Only define ldb3 when not in standalone build.Jelmer Vernooij1-4/+3
This prevents errors about it by 'make SYMBOLCHECK=1' if there is a system ldb present. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Jul 26 18:21:48 CEST 2011 on sn-devel-104
2011-07-26shares: Remove dependencies on share modules.Jelmer Vernooij1-1/+1
The build system will already pull these in - if necessary.
2011-07-26s4:samba-tool: ldapcmp needs CredentialsOptionsDoubleStefan Metzmacher1-0/+6
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jul 26 17:09:32 CEST 2011 on sn-devel-104
2011-07-26s3:lib change default share security access maskChristian Ambach1-3/+3
when there is no share SD set, the default share SD that is used e.g. for the output of sharesec -v defaults to a value that is not equivalent to the desired FULL access. This is a more or less a cosmetical follow-up for the patches in Bug #8201 that makes them more consumeable by printing FULL (that is what the user expects) instead of a bitmask in hexadecimal form. previous output: REVISION:1 OWNER:(NULL SID) GROUP:(NULL SID) ACL:S-1-1-0:ALLOWED/0/0x101f01ff with patch: REVISION:1 OWNER:(NULL SID) GROUP:(NULL SID) ACL:S-1-1-0:ALLOWED/0/FULL Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Tue Jul 26 15:57:55 CEST 2011 on sn-devel-104
2011-07-26libsamba-util: Build in libbitmap.Jelmer Vernooij3-11/+4
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Jul 26 14:45:27 CEST 2011 on sn-devel-104
2011-07-26policy: Rename to samba-policy to avoid name space clashes.Jelmer Vernooij3-6/+6
2011-07-26cli_composite: Lowercase name.Jelmer Vernooij4-5/+5
2011-07-26cli_smb_common: Lowercase name.Jelmer Vernooij3-7/+7
2011-07-26cli_cldap: Lowercase name.Jelmer Vernooij6-6/+6
2011-07-26cli_spools: Lowercase name.Jelmer Vernooij1-5/+5
2011-07-26s3: Fix MIT trustsVolker Lendecke1-0/+5
Winbind can't really cope with trusts that don't have a SID associated. This happens with external MIT trusts for example. This filters them out when sending the trust list from child to parent. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Jul 26 11:39:53 CEST 2011 on sn-devel-104
2011-07-26s4:kdc: canonicalize the principal if HDB_F_FOR_TGS_REQ is givenStefan Metzmacher1-2/+7
Windows seems to always canonicalize the principal in TGS replies. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jul 26 03:25:06 CEST 2011 on sn-devel-104
2011-07-26s4:heimdal_build: hdb.asn1 needs --sequence=HDB-Ext-KeySet --sequence=KeysStefan Metzmacher1-0/+1
metze
2011-07-26s4:heimdal: import lorikeet-heimdal-201107241840 (commit ↵Stefan Metzmacher42-115/+555
0fdf11fa3cdb47df9f5393ebf36d9f5742243036)
2011-07-25Fix typo Loggs -> Logs.Jeremy Allison1-1/+1
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Jul 25 23:49:04 CEST 2011 on sn-devel-104
2011-07-25s3:docs: document the smbclient "tid" commandMichael Adam1-0/+9
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Mon Jul 25 13:14:57 CEST 2011 on sn-devel-104
2011-07-25s3:docs: document the smbclient "tdis" commandMichael Adam1-0/+7
2011-07-25s3:docs: document the smbclient "tcon" commandMichael Adam1-0/+8
2011-07-25s3:docs: document the smbclient "logoff" commandMichael Adam1-0/+7
2011-07-25lib/ccan: update to init-1192-gdd04041Rusty Russell32-424/+959
This imports licensing clarifications and updates as discussed on samba-technical ("Subject: Re: ccan code breaks older build farm systems"). In particular, the recent version have per-file license markers, and some modules are relicenced more liberally: in particular Simo pointed out that htable was GPL, and indirectly included by libtdb2, which would have made that GPL as well. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User: Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date: Mon Jul 25 12:03:40 CEST 2011 on sn-devel-104
2011-07-25lib/ccan: add READMERusty Russell1-0/+9
README points out that these code snippets have their own licenses, and that their home is elsewhere. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-07-25s4:auth/kerberos: activate windows related krb5 flagsStefan Metzmacher1-0/+10
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jul 25 09:45:01 CEST 2011 on sn-devel-104
2011-07-24s4:heimdal: build samba4kgetcredStefan Metzmacher2-0/+240
metze
2011-07-24s3-utils/net_rpc_printer.c: fix error messageBjörn Baumbach1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sun Jul 24 19:01:47 CEST 2011 on sn-devel-104
2011-07-24s3: Fix Coverity ID 2596, REVERSE_INULLVolker Lendecke1-1/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Jul 24 16:37:19 CEST 2011 on sn-devel-104
2011-07-23cli_raw: Make name lowercase.Jelmer Vernooij7-11/+11
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Jul 23 23:20:51 CEST 2011 on sn-devel-104
2011-07-23charset: Make name lowercase everywhere.Jelmer Vernooij4-10/+10
2011-07-23wafsamba: Properly lock object store when retrieving version through Bazaar.Jelmer Vernooij1-1/+5
2011-07-23remove the fedora package, and point at the repository insteadJelmer Vernooij7-529/+13
2011-07-23README.Coding: Mention that PEP8 is the standard for Python code.Jelmer Vernooij1-1/+5
Almost all of our existing code is PEP8, and virtually every other free software project in Python uses PEP8.
2011-07-23update TODO: net has been renamed to samba-tool.Jelmer Vernooij1-2/+1
2011-07-23scripting/bin: Some formatting fixes.Jelmer Vernooij2-4/+4
2011-07-23s3:libsmb: cli_set_secdesc() only needs a const struct security_descriptorStefan Metzmacher2-2/+2
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sat Jul 23 11:08:19 CEST 2011 on sn-devel-104