summaryrefslogtreecommitdiff
path: root/source3/web
AgeCommit message (Collapse)AuthorFilesLines
2012-06-28Replace all uses of setXX[ug]id() and setgroups with samba_setXX[ug]id() calls.Jeremy Allison1-2/+3
Will allow thread-specific credentials to be added by modifying the central definitions. Deliberately left the setXX[ug]id() call in popt as this is not used in Samba.
2012-06-21s3:util: rename procid_equal() to serverid_equal()Michael Adam1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-06-06s3:smb: introduce a name TID_FIELD_INVALID for the invalid value for a cnum/tidMichael Adam1-3/+3
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2012-06-05s3:lib: split things into a conn_tdb.hStefan Metzmacher1-0/+1
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jun 5 19:28:35 CEST 2012 on sn-devel-104
2012-04-05build: Fix sys_open() removal by including system/filesys.hAndrew Bartlett1-0/+1
2012-04-05build: Remove sys_fopen wrapperAndrew Bartlett1-1/+1
2012-04-05build: Remove sys_open wrapperAndrew Bartlett1-2/+2
2012-03-30More strlcat/strlcpy truncate checks.Jeremy Allison1-1/+2
2012-01-21param: handle P_BYTES in more placesAndrew Bartlett1-0/+2
2011-12-14s3:web/swat: use short term event and message contextsStefan Metzmacher1-4/+35
swat doesn't have a central event loop. metze
2011-12-02s3: Use autogenerated open_files.idlVolker Lendecke1-0/+1
2011-11-03s3:web: s/Undefined/SMB_SIGNING_DEFAULT/Stefan Metzmacher1-1/+1
metze
2011-09-08s3:libsmb: pass CLI_FULL_CONNECTION_* flags via cli_connect_nb()Stefan Metzmacher1-1/+1
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Sep 8 10:21:50 CEST 2011 on sn-devel-104
2011-08-06s3:web/swat: use strtoll() instead of atoi/atol/atollStefan Metzmacher1-6/+19
This is more portable, as we have a strtoll replacement in lib/replace. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
2011-08-04s3/swat: use strlcat instead of strncat to fix build on old Linux distrosBjörn Jacke1-1/+1
SLES 9's glibc for example had weird macros where the use of strncat resulted in the use of strcat which we don't allow. Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Björn Jacke <bj@sernet.de> Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
2011-07-26s3 swat: Create random nonce in CGI modeKai Blin1-1/+19
In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin <kai@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Jul 26 23:33:24 CEST 2011 on sn-devel-104
2011-07-26s3 swat: Add time component to XSRF tokenKai Blin2-5/+25
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to printer pageKai Blin1-10/+18
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to password pageKai Blin1-3/+8
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to shares pageKai Blin1-5/+13
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to globals pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to wizard pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to wizard_params pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to viewconfig pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to status pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add support for anti-XSRF tokenKai Blin2-0/+59
2011-07-26s3 swat: Allow getting the user's HTTP auth passwordKai Blin2-0/+10
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3-swat: Fix typo.Karolin Seeger1-1/+1
Thanks to Simo for reporting! Karolin (cherry picked from commit 9f73c1990a19daa899fa5345530a867e69a5be94) (cherry picked from commit bcb052c29212954a3ed10c9f095c51e4e0a96af5)
2011-07-26s3 swat: Fix possible XSS attack (bug #8289)Kai Blin1-12/+2
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the "change password" page. This patch fixes the reflection issue by not printing user-specified content on the website anymore. Signed-off-by: Kai Blin <kai@samba.org>
2011-07-19First part of fix for bug 8310 - toupper_ascii() is broken on big-endian systemsJeremy Allison1-1/+1
Remove int toupper_ascii(int c); int tolower_ascii(int c); int isupper_ascii(int c); int islower_ascii(int c); and replace with their _m equivalents, as they are identical.
2011-07-02param: Finish conversion from lp_wins_support() -> lp_we_are_a_wins_server()Andrew Bartlett1-2/+2
Jermey started this in 1997 with 0aa493cc0303aa4177f289b9e4c797c8fa180672 (avoiding the duplicate function makes it easier to generate the struct loadparm_globals). Andrew Bartlett
2011-06-29param: Merge param headers into lib/param/loadparm.hAndrew Bartlett1-0/+1
This defines a common table format, so we can in future define a common table. Andrew Bartlett
2011-06-29s3-param use lp_parm_ptr() rather than parm.ptr directlyAndrew Bartlett1-5/+8
This will help with a change from .ptr to .offset Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Jun 29 03:26:21 CEST 2011 on sn-devel-104
2011-06-23s3-swat Remove d_printf() callsAndrew Bartlett1-2/+2
These calls only ever output ASCII strings (protocol strings and debugging), and never user content, so make it clear that these don't need to be converted into UTF8. Andrew Bartlett
2011-06-09s3-param Remove special case for global_myname(), rename to lp_netbios_name()Andrew Bartlett1-1/+1
There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett
2011-06-09s3-talloc Change TALLOC_ARRAY() to talloc_array()Andrew Bartlett1-1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
2011-05-28s3: Use cli_connect_nb in smbd_running()Volker Lendecke1-7/+3
2011-05-06s3-libsmb: move protos to libsmb/proto.hGünther Deschner1-0/+1
Guenther
2011-05-05More simple const fixups.Jeremy Allison1-1/+1
2011-04-27dynconfig: Have only one dynconfig.o in the common code.Andrew Bartlett1-1/+1
2011-03-30Fix convert_string() to take a *converted_size arg. and return a bool.Jeremy Allison1-4/+9
Makes these interfaces much harder to misuse and easier to ensure error checking. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Mar 30 23:59:37 CEST 2011 on sn-devel-104
2011-03-30s3-auth: use auth.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-locking: move locking prototypes out of proto.h.Günther Deschner1-0/+1
Will later become part of locking.h Guenther
2011-03-30s3-build: only include intl protos where needed.Günther Deschner3-0/+3
Guenther
2011-03-30s3-passdb: use passdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-includes: only include system/filesys.h when needed.Günther Deschner2-0/+2
Guenther
2011-03-30s3-includes: only include system/passwd.h when needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-winbind: remove global inclusion of libwbclient.Günther Deschner1-0/+1
Guenther
2011-03-24charcnv: removed the allow_badcharcnv and allow_bad_conv options to ↵Andrew Tridgell1-4/+4
convert_string*() we shouldn't accept bad multi-byte strings, it just hides problems Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-03-22s3-fault: removed the cont_fn from fault_setup()Andrew Tridgell1-1/+1
cont_fn() was supposed to be a way to continue after a seg fault. It could never be called however, as smb_panic() from fault_report() could never return, as dump_core() never returns at the end of smb_panic() Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Mar 22 05:07:58 CET 2011 on sn-devel-104
generated by cgit (git 2.34.1) at 2024-06-18 13:24:38 +0000