Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jun 5 19:28:35 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
swat doesn't have a central event loop.
metze
|
|
|
|
metze
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Sep 8 10:21:50 CEST 2011 on sn-devel-104
|
|
This is more portable, as we have a strtoll replacement
in lib/replace.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
|
|
SLES 9's glibc for example had weird macros where the use of strncat resulted
in the use of strcat which we don't allow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
|
|
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Signed-off-by: Kai Blin <kai@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jul 26 23:33:24 CEST 2011 on sn-devel-104
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Thanks to Simo for reporting!
Karolin
(cherry picked from commit 9f73c1990a19daa899fa5345530a867e69a5be94)
(cherry picked from commit bcb052c29212954a3ed10c9f095c51e4e0a96af5)
|
|
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Remove
int toupper_ascii(int c);
int tolower_ascii(int c);
int isupper_ascii(int c);
int islower_ascii(int c);
and replace with their _m equivalents, as they are identical.
|
|
Jermey started this in 1997 with 0aa493cc0303aa4177f289b9e4c797c8fa180672
(avoiding the duplicate function makes it easier to generate the
struct loadparm_globals).
Andrew Bartlett
|
|
This defines a common table format, so we can in future define a
common table.
Andrew Bartlett
|
|
This will help with a change from .ptr to .offset
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jun 29 03:26:21 CEST 2011 on sn-devel-104
|
|
These calls only ever output ASCII strings (protocol strings and
debugging), and never user content, so make it clear that these don't
need to be converted into UTF8.
Andrew Bartlett
|
|
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.
Andrew Bartlett
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ARRAY isn't standard talloc.
|
|
|
|
Guenther
|
|
|
|
|
|
Makes these interfaces much harder to misuse and easier to ensure error
checking.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Mar 30 23:59:37 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
Will later become part of locking.h
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
convert_string*()
we shouldn't accept bad multi-byte strings, it just hides problems
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
|
|
cont_fn() was supposed to be a way to continue after a seg fault. It
could never be called however, as smb_panic() from fault_report()
could never return, as dump_core() never returns at the end of
smb_panic()
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Mar 22 05:07:58 CET 2011 on sn-devel-104
|
|
Guenther
|
|
|
|
|