summaryrefslogtreecommitdiff
path: root/source3/web
AgeCommit message (Collapse)AuthorFilesLines
2011-07-26s3 swat: Create random nonce in CGI modeKai Blin1-1/+19
In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin <kai@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Jul 26 23:33:24 CEST 2011 on sn-devel-104
2011-07-26s3 swat: Add time component to XSRF tokenKai Blin2-5/+25
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to printer pageKai Blin1-10/+18
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to password pageKai Blin1-3/+8
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to shares pageKai Blin1-5/+13
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to globals pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to wizard pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to wizard_params pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to viewconfig pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to status pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add support for anti-XSRF tokenKai Blin2-0/+59
2011-07-26s3 swat: Allow getting the user's HTTP auth passwordKai Blin2-0/+10
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3-swat: Fix typo.Karolin Seeger1-1/+1
Thanks to Simo for reporting! Karolin (cherry picked from commit 9f73c1990a19daa899fa5345530a867e69a5be94) (cherry picked from commit bcb052c29212954a3ed10c9f095c51e4e0a96af5)
2011-07-26s3 swat: Fix possible XSS attack (bug #8289)Kai Blin1-12/+2
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the "change password" page. This patch fixes the reflection issue by not printing user-specified content on the website anymore. Signed-off-by: Kai Blin <kai@samba.org>
2011-07-19First part of fix for bug 8310 - toupper_ascii() is broken on big-endian systemsJeremy Allison1-1/+1
Remove int toupper_ascii(int c); int tolower_ascii(int c); int isupper_ascii(int c); int islower_ascii(int c); and replace with their _m equivalents, as they are identical.
2011-07-02param: Finish conversion from lp_wins_support() -> lp_we_are_a_wins_server()Andrew Bartlett1-2/+2
Jermey started this in 1997 with 0aa493cc0303aa4177f289b9e4c797c8fa180672 (avoiding the duplicate function makes it easier to generate the struct loadparm_globals). Andrew Bartlett
2011-06-29param: Merge param headers into lib/param/loadparm.hAndrew Bartlett1-0/+1
This defines a common table format, so we can in future define a common table. Andrew Bartlett
2011-06-29s3-param use lp_parm_ptr() rather than parm.ptr directlyAndrew Bartlett1-5/+8
This will help with a change from .ptr to .offset Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Jun 29 03:26:21 CEST 2011 on sn-devel-104
2011-06-23s3-swat Remove d_printf() callsAndrew Bartlett1-2/+2
These calls only ever output ASCII strings (protocol strings and debugging), and never user content, so make it clear that these don't need to be converted into UTF8. Andrew Bartlett
2011-06-09s3-param Remove special case for global_myname(), rename to lp_netbios_name()Andrew Bartlett1-1/+1
There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett
2011-06-09s3-talloc Change TALLOC_ARRAY() to talloc_array()Andrew Bartlett1-1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
2011-05-28s3: Use cli_connect_nb in smbd_running()Volker Lendecke1-7/+3
2011-05-06s3-libsmb: move protos to libsmb/proto.hGünther Deschner1-0/+1
Guenther
2011-05-05More simple const fixups.Jeremy Allison1-1/+1
2011-04-27dynconfig: Have only one dynconfig.o in the common code.Andrew Bartlett1-1/+1
2011-03-30Fix convert_string() to take a *converted_size arg. and return a bool.Jeremy Allison1-4/+9
Makes these interfaces much harder to misuse and easier to ensure error checking. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Mar 30 23:59:37 CEST 2011 on sn-devel-104
2011-03-30s3-auth: use auth.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-locking: move locking prototypes out of proto.h.Günther Deschner1-0/+1
Will later become part of locking.h Guenther
2011-03-30s3-build: only include intl protos where needed.Günther Deschner3-0/+3
Guenther
2011-03-30s3-passdb: use passdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-includes: only include system/filesys.h when needed.Günther Deschner2-0/+2
Guenther
2011-03-30s3-includes: only include system/passwd.h when needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-winbind: remove global inclusion of libwbclient.Günther Deschner1-0/+1
Guenther
2011-03-24charcnv: removed the allow_badcharcnv and allow_bad_conv options to ↵Andrew Tridgell1-4/+4
convert_string*() we shouldn't accept bad multi-byte strings, it just hides problems Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-03-22s3-fault: removed the cont_fn from fault_setup()Andrew Tridgell1-1/+1
cont_fn() was supposed to be a way to continue after a seg fault. It could never be called however, as smb_panic() from fault_report() could never return, as dump_core() never returns at the end of smb_panic() Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Mar 22 05:07:58 CET 2011 on sn-devel-104
2011-02-22s3-printing: only include printing where really needed.Günther Deschner1-0/+1
Guenther
2011-01-08s3: Fix a type errorVolker Lendecke1-2/+2
2011-01-08s3: Fix some nonempty blank linesVolker Lendecke1-3/+3
2011-01-07s3-printing: Initiate pcap reload from parent smbdDavid Disseldorp1-4/+9
Since commit 7022554, smbds share a printcap cache (printer_list.tdb), therefore ordering of events between smbd processes is important when updating printcap cache information. Consider the following two process example: 1) smbd1 receives HUP or printcap cache time expiry 2) smbd1 checks whether pcap needs refresh, it does 3) smbd1 marks pcap as refreshed 4) smbd1 forks child1 to obtain cups printer info 5) smbd2 receives HUP or printcap cache time expiry 6) smbd2 checks whether pcap needs refresh, it does not (due to step 3) 7) smbd2 reloads printer shares prior to child1 completion (stale pcap) 8) child1 completion, pcap cache (printer_list.tdb) is updated by smbd1 9) smbd1 reloads printer shares based on new pcap information In this case both smbd1 and smbd2 are reliant on the pcap update performed on child1 completion. The prior commit "reload shares after pcap cache fill" ensures that smbd1 only reloads printer shares following pcap update, however smbd2 continues to present shares based on stale pcap data. This commit addresses the above problem by driving pcap cache and printer share updates from the parent smbd process. 1) smbd0 (parent) receives a HUP or printcap cache time expiry 2) smbd0 forks child0 to obtain cups printer info 3) child0 completion, pcap cache (printer_list.tdb) is updated by smbd0 4) smbd0 reloads printer shares 5) smbd0 notifies child smbds of pcap update via message_send_all() 6) child smbds read fresh pcap data and reload printer shares This architecture has the additional advantage that only a single process (the parent smbd) requests printer information from the printcap backend. Use time_mono in housekeeping functions As suggested by Björn Jacke.
2011-01-07s3-printing: reload shares after pcap cache fillDavid Disseldorp1-2/+4
Since commit eada8f8a, updates to the cups pcap cache are performed asynchronously - cups_cache_reload() forks a child process to request cups printer information and notify the parent smbd on completion. Currently printer shares are reloaded immediately following the call to cups_cache_reload(), this occurs prior to smbd receiving new cups pcap information from the child process. Such behaviour can result in stale print shares as outlined in bug 7836. This fix ensures print shares are only reloaded after new pcap data has been received. Pair-Programmed-With: Lars Müller <lars@samba.org>
2011-01-07s3: Make name_query use /tmp/.nmbd/unexpectedVolker Lendecke1-13/+9
2010-12-28s3: Make name_query return NTSTATUSVolker Lendecke1-4/+6
Also use talloc for the result Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Dec 28 18:21:05 CET 2010 on sn-devel-104
2010-11-02s3-debug Move 'load_case_tables()' before lp_set_cmdline() and popt callsAndrew Bartlett1-2/+2
The problem here is that we cannot run lp_set_cmdline() (directly or indirectly via the popt helpers) until load_case_tables() has been run. However, load_case_tables does not have auto-initialisation, so we must init it once, and once only. Andrew Bartlett
2010-11-02s3-debug Impove setup_logging() to specify logging to stderrAndrew Bartlett1-4/+5
This change improves the setup_logging() API so that callers which wish to set up logging to stderr can simply ask for it, rather than directly modify the dbf global variable. Andrew Bartlett
2010-10-20Make getpwnam_alloc() static to lib/username.c, and ensure all username ↵Jeremy Allison1-2/+2
lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-0/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-26s3: Remove talloc_autofree_context() from swatVolker Lendecke1-2/+2
In both cases, pass is freed immediately
2010-08-28s3: Lift smbd_server_fd() from pass_check()Volker Lendecke1-1/+7
2010-08-22s3: Move check_access to cgi.c, its only userVolker Lendecke1-0/+81
2010-08-16s3-auth: Remove obsolete 'update encrypted' option.Andreas Schneider1-3/+1