path: root/source3/web/swat.c
Age | Commit message | Author | Files | Lines
2011-07-26 | s3 swat: Add time component to XSRF token | Kai Blin | 1 | -4/+24
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26 | s3 swat: Add XSRF protection to printer page | Kai Blin | 1 | -10/+18
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26 | s3 swat: Add XSRF protection to password page | Kai Blin | 1 | -3/+8
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26 | s3 swat: Add XSRF protection to shares page | Kai Blin | 1 | -5/+13
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26 | s3 swat: Add XSRF protection to globals page | Kai Blin | 1 | -0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26 | s3 swat: Add XSRF protection to wizard page | Kai Blin | 1 | -0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26 | s3 swat: Add XSRF protection to wizard_params page | Kai Blin | 1 | -0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26 | s3 swat: Add XSRF protection to viewconfig page | Kai Blin | 1 | -0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26 | s3 swat: Add support for anti-XSRF token | Kai Blin | 1 | -0/+54
2011-07-26 | s3-swat: Fix typo. | Karolin Seeger | 1 | -1/+1
Thanks to Simo for reporting! Karolin (cherry picked from commit 9f73c1990a19daa899fa5345530a867e69a5be94) (cherry picked from commit bcb052c29212954a3ed10c9f095c51e4e0a96af5)
2011-07-26 | s3 swat: Fix possible XSS attack (bug #8289) | Kai Blin | 1 | -12/+2
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the "change password" page. This patch fixes the reflection issue by not printing user-specified content on the website anymore. Signed-off-by: Kai Blin <kai@samba.org>
2011-07-19 | First part of fix for bug 8310 - toupper_ascii() is broken on big-endian systems | Jeremy Allison | 1 | -1/+1
Remove int toupper_ascii(int c); int tolower_ascii(int c); int isupper_ascii(int c); int islower_ascii(int c); and replace with their _m equivalents, as they are identical.
2011-07-02 | param: Finish conversion from lp_wins_support() -> lp_we_are_a_wins_server() | Andrew Bartlett | 1 | -2/+2
Jeremy started this in 1997 with 0aa493cc0303aa4177f289b9e4c797c8fa180672 (avoiding the duplicate function makes it easier to generate the struct loadparm_globals). Andrew Bartlett
2011-06-29 | param: Merge param headers into lib/param/loadparm.h | Andrew Bartlett | 1 | -0/+1
This defines a common table format, so we can in future define a common table. Andrew Bartlett
2011-06-29 | s3-param use lp_parm_ptr() rather than parm.ptr directly | Andrew Bartlett | 1 | -5/+8
This will help with a change from .ptr to .offset Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Jun 29 03:26:21 CEST 2011 on sn-devel-104
2011-06-09 | s3-talloc Change TALLOC_ARRAY() to talloc_array() | Andrew Bartlett | 1 | -1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
2011-05-05 | More simple const fixups. | Jeremy Allison | 1 | -1/+1
2011-03-30 | s3-build: only include intl protos where needed. | Günther Deschner | 1 | -0/+1
Guenther
2011-03-30 | s3-passdb: use passdb headers where needed. | Günther Deschner | 1 | -0/+1
Guenther
2011-03-30 | s3-includes: only include system/filesys.h when needed. | Günther Deschner | 1 | -0/+1
Guenther
2011-03-22 | s3-fault: removed the cont_fn from fault_setup() | Andrew Tridgell | 1 | -1/+1
cont_fn() was supposed to be a way to continue after a seg fault. It could never be called however, as smb_panic() from fault_report() could never return, as dump_core() never returns at the end of smb_panic() Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Mar 22 05:07:58 CET 2011 on sn-devel-104
2011-02-22 | s3-printing: only include printing where really needed. | Günther Deschner | 1 | -0/+1
Guenther
2011-01-07 | s3-printing: Initiate pcap reload from parent smbd | David Disseldorp | 1 | -4/+9
Since commit 7022554, smbds share a printcap cache (printer_list.tdb), therefore ordering of events between smbd processes is important when updating printcap cache information. Consider the following two process example:
1) smbd1 receives HUP or printcap cache time expiry
2) smbd1 checks whether pcap needs refresh, it does
3) smbd1 marks pcap as refreshed
4) smbd1 forks child1 to obtain cups printer info
5) smbd2 receives HUP or printcap cache time expiry
6) smbd2 checks whether pcap needs refresh, it does not (due to step 3)
7) smbd2 reloads printer shares prior to child1 completion (stale pcap)
8) child1 completion, pcap cache (printer_list.tdb) is updated by smbd1
9) smbd1 reloads printer shares based on new pcap information
In this case both smbd1 and smbd2 are reliant on the pcap update performed on child1 completion. The prior commit "reload shares after pcap cache fill" ensures that smbd1 only reloads printer shares following pcap update, however smbd2 continues to present shares based on stale pcap data.
This commit addresses the above problem by driving pcap cache and printer share updates from the parent smbd process.
1) smbd0 (parent) receives a HUP or printcap cache time expiry
2) smbd0 forks child0 to obtain cups printer info
3) child0 completion, pcap cache (printer_list.tdb) is updated by smbd0
4) smbd0 reloads printer shares
5) smbd0 notifies child smbds of pcap update via message_send_all()
6) child smbds read fresh pcap data and reload printer shares
This architecture has the additional advantage that only a single process (the parent smbd) requests printer information from the printcap backend.
Use time_mono in housekeeping functions
As suggested by Björn Jacke.
2011-01-07 | s3-printing: reload shares after pcap cache fill | David Disseldorp | 1 | -2/+4
Since commit eada8f8a, updates to the cups pcap cache are performed asynchronously - cups_cache_reload() forks a child process to request cups printer information and notify the parent smbd on completion. Currently printer shares are reloaded immediately following the call to cups_cache_reload(), this occurs prior to smbd receiving new cups pcap information from the child process. Such behaviour can result in stale print shares as outlined in bug 7836. This fix ensures print shares are only reloaded after new pcap data has been received. Pair-Programmed-With: Lars Müller <lars@samba.org>
2010-11-02 | s3-debug Move 'load_case_tables()' before lp_set_cmdline() and popt calls | Andrew Bartlett | 1 | -2/+2
The problem here is that we cannot run lp_set_cmdline() (directly or indirectly via the popt helpers) until load_case_tables() has been run. However, load_case_tables does not have auto-initialisation, so we must init it once, and once only. Andrew Bartlett
2010-11-02 | s3-debug Improve setup_logging() to specify logging to stderr | Andrew Bartlett | 1 | -4/+5
This change improves the setup_logging() API so that callers which wish to set up logging to stderr can simply ask for it, rather than directly modify the dbf global variable. Andrew Bartlett
2010-08-08 | s3: Remove the smbd_messaging_context from load_printers | Volker Lendecke | 1 | -2/+2
2010-08-05 | s3-popt: Only include popt-common.h when needed. | Andreas Schneider | 1 | -0/+1
2009-11-30 | s3: Fix bug 6288 | Volker Lendecke | 1 | -8/+8
2009-11-29 | s3: Fix some nonempty blank lines | Volker Lendecke | 1 | -17/+16
2009-04-14 | Convert Samba3 to use the common lib/util/charset API | Andrew Bartlett | 1 | -10/+10
This removes calls to push_*_allocate() and pull_*_allocate(), as well as convert_string_allocate, as they are not in the common API To allow transition to a common charcnv in future, provide Samba4-like strupper functions in source3/lib/charcnv.c (the actual implementation remains distinct, but the API is now shared) Andrew Bartlett
2009-01-06 | s3/swat: Fix creation of the first share using SWAT. | Volker Lendecke | 1 | -1/+1
This fixes bug #5965.
2008-12-30 | Fix more "ignore return value" warnings from gcc 4.3. | Jeremy Allison | 1 | -3/+5
Jeremy
2008-12-15 | s3:loadparm: rename lp_local_ptr() to lp_local_ptr_by_snum() | Michael Adam | 1 | -2/+2
Michael
2008-10-18 | Use str_list_equal() rather than str_list_compare(). | Jelmer Vernooij | 1 | -1/+2
2008-10-18 | Use separate make variables for libutil and libcrypto. | Jelmer Vernooij | 1 | -2/+2
2008-07-15 | Fix swat. Bug #5613. | Jeremy Allison | 1 | -13/+18
Jeremy (This used to be commit 15920f838835f5dbbac8712202267c2a99237686)
2008-06-03 | Fix empty input fields in SWAT; [#5515]. | Andreas Schneider | 1 | -4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> (This used to be commit e1579c90fb27c07f95889dd8778daeef53e2ac16)
2008-05-20 | Cleanup size_t return values in callers of convert_string_allocate | Tim Prouty | 1 | -6/+8
This patch is the second iteration of an inside-out conversion to cleanup functions in charcnv.c returning size_t == -1 to indicate failure. (This used to be commit 6b189dabc562d86dcaa685419d0cb6ea276f100d)
2008-03-28 | Add a talloc context parameter to current_timestring() to fix memleaks. | Michael Adam | 1 | -1/+5
current_timestring used to return a string talloced to talloc_tos(). When called by DEBUG from a TALLOC_FREE, this produced messages "no talloc stackframe around, leaking memory". For example when used from net conf. This also adds a temporary talloc context to alloc_sub_basic(). For this purpose, the exit strategy is slightly altered: a common exit point is used for success and failure. Michael (This used to be commit 16b5800d4e3a8b88bac67b2550d14e0aaaa302a9)
2008-03-12 | loadparm: add convenience wrapper lp_kill_all_services() | Michael Adam | 1 | -1/+1
Michael (This used to be commit 32bfd131e33d06be9dfaef02b57f5401d2bc7639)
2007-12-10 | Remove the char[1024] strings from dynconfig. Replace | Jeremy Allison | 1 | -9/+9
them with malloc'ing accessor functions. Should save a lot of static space :-). Jeremy. (This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)
2007-12-07 | We don't need P_GSTRING or P_UGSTRING anymore. | Jeremy Allison | 1 | -15/+0
Jeremy. (This used to be commit 78dc75600099b5b3b5a8ecffec747a227ff51d70)
2007-12-05 | Remove some globals | Volker Lendecke | 1 | -5/+12
(This used to be commit 31d0a846db08d845e6cdfd85def4ac1c34031e02)
2007-12-03 | Make strhex_to_str clear on string limits. Remove pstring from web/*.c | Jeremy Allison | 1 | -40/+59
Jeremy. (This used to be commit f9c8d62389f8cb47837e5360209936176537df13)
2007-11-23 | Make remote_password_change return malloced error strings | Volker Lendecke | 1 | -3/+4
This fixes a segfault in smbpasswd -r (This used to be commit 49949f0b85007c7c2b3c340c12f3d18909862135)
2007-11-21 | Remove pstrings from pam_smbpass - make local_password_change | Jeremy Allison | 1 | -6/+8
return malloced strings. Jeremy. (This used to be commit f652fe2bdb7a3a36e83dcf4b08347543fdffb9f0)
2007-11-15 | More pstring removal. This one was tricky. I had to add | Jeremy Allison | 1 | -0/+3
one horror (pstring_clean_name()) which will have to remain until I've removed all pstrings from the client code. Jeremy. (This used to be commit 1ea3ac80146b83c2522b69e7747c823366a2b47d)
2007-10-19 | Fix the popt / bool issues. Some places we used BOOL | Jeremy Allison | 1 | -2/+2
where we meant int. Fix this. Thanks to metze for pointing this out. Jeremy. (This used to be commit 793a9d24a163cb6cf5a3a0aa5ae30e9f8cf4744a)
2007-10-18 | RIP BOOL. Convert BOOL -> bool. I found a few interesting | Jeremy Allison | 1 | -15/+15
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)