samba.git/source3/web/cgi.c, branch v3-5-test Unnamed repository; edit this file 'description' to name the repository. s3 swat: Create random nonce in CGI mode 2011-07-26T18:45:44+00:00 Kai Blin kai@samba.org 2011-07-12T06:08:24+00:00 4cfe6adbc421262f1e55cfba159bc2d2260a9a99 In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin <kai@samba.org> The last 12 patches address bug #8290 (CSRF vulnerability in SWAT). This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT). (cherry picked from commit 0e17d8ef7e4004a0d35011c322b93b6da5811951) 
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.

Signed-off-by: Kai Blin <kai@samba.org>

The last 12 patches address bug #8290 (CSRF vulnerability in SWAT).
This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT).
(cherry picked from commit 0e17d8ef7e4004a0d35011c322b93b6da5811951)
s3 swat: Allow getting the user's HTTP auth password 2011-07-26T18:45:07+00:00 Kai Blin kai@samba.org 2011-07-08T10:56:21+00:00 48c59a191dd4bd496bc51a15f06665949c9506f3 Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit 988f59f7eb512fbae5a6cab6ed1dbf32a5737fe7) 
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 988f59f7eb512fbae5a6cab6ed1dbf32a5737fe7)
Fix bug #7743 - Inconsistent use of system name lookup can cause a domain joined machine to fail to find users. 2010-11-11T11:10:56+00:00 Jeremy Allison jra@samba.org 2010-10-20T18:22:57+00:00 6e9d95f753b2b127268f1eb9a40d601002484bd1 Ensure all username lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. Jeremy. 
Ensure all username lookups go through Get_Pwnam_alloc(), which is the
correct wrapper function. We were using it *some* of the time anyway,
so this just makes us properly consistent.

Jeremy.
s3: Fix an uninitialized variable reference 2009-11-29T22:43:55+00:00 Volker Lendecke vl@samba.org 2009-11-29T21:57:19+00:00 dde5ac90361834aa8f01974ec0d7dbf063a4e0b6 






s3: Pass fake_dir_create_times down to file_exist_stat, none of the callers look at the mtime
2009-11-29T11:04:08+00:00

Volker Lendecke
vl@samba.org

2009-11-27T12:17:05+00:00

6d432d4db84427345c03438eb656b3f387288988












s3: "cgi_download" only looks at the mode and size
2009-11-29T11:04:06+00:00

Volker Lendecke
vl@samba.org

2009-11-27T12:00:10+00:00

0b8810b80cf9532099851aa0b0989ed107c82454












s3: Pass the "fake dir create times" parameter to sys_*stat
2009-11-29T11:04:05+00:00

Volker Lendecke
vl@samba.org

2009-11-27T11:42:39+00:00

572b1f7d7fbfd7719b51033f34f139497cda0f00

Step 0 to restore it as a per-share paramter





Step 0 to restore it as a per-share paramter







Introduce "struct stat_ex" as a replacement for SMB_STRUCT_STAT
2009-05-26T15:48:23+00:00

Volker Lendecke
vl@samba.org

2009-05-14T13:34:42+00:00

49ca690b4b22ee6e597179059c9442e94c5bd423

This patch introduces

struct stat_ex {
        dev_t           st_ex_dev;
        ino_t           st_ex_ino;
        mode_t          st_ex_mode;
        nlink_t         st_ex_nlink;
        uid_t           st_ex_uid;
        gid_t           st_ex_gid;
        dev_t           st_ex_rdev;
        off_t           st_ex_size;
        struct timespec st_ex_atime;
        struct timespec st_ex_mtime;
        struct timespec st_ex_ctime;
        struct timespec st_ex_btime; /* birthtime */
        blksize_t       st_ex_blksize;
        blkcnt_t        st_ex_blocks;
};
typedef struct stat_ex SMB_STRUCT_STAT;

It is really large because due to the friendly libc headers playing macro
tricks with fields like st_ino, so I renamed them to st_ex_xxx.

Why this change? To support birthtime, we already have quite a few #ifdef's at
places where it does not really belong. With a stat struct that we control, we
can consolidate the nanosecond timestamps and the birthtime deep in the VFS
stat calls.

At this moment it is triggered by a request to support the birthtime field for
GPFS. GPFS does not extend the system level struct stat, but instead has a
separate call that gets us the additional information beyond posix. Without
being able to do that within the VFS stat calls, that support would have to be
scattered around the main smbd code.

It will very likely break all the onefs modules, but I think the changes will
be reasonably easy to do.





This patch introduces

struct stat_ex {
        dev_t           st_ex_dev;
        ino_t           st_ex_ino;
        mode_t          st_ex_mode;
        nlink_t         st_ex_nlink;
        uid_t           st_ex_uid;
        gid_t           st_ex_gid;
        dev_t           st_ex_rdev;
        off_t           st_ex_size;
        struct timespec st_ex_atime;
        struct timespec st_ex_mtime;
        struct timespec st_ex_ctime;
        struct timespec st_ex_btime; /* birthtime */
        blksize_t       st_ex_blksize;
        blkcnt_t        st_ex_blocks;
};
typedef struct stat_ex SMB_STRUCT_STAT;

It is really large because due to the friendly libc headers playing macro
tricks with fields like st_ino, so I renamed them to st_ex_xxx.

Why this change? To support birthtime, we already have quite a few #ifdef's at
places where it does not really belong. With a stat struct that we control, we
can consolidate the nanosecond timestamps and the birthtime deep in the VFS
stat calls.

At this moment it is triggered by a request to support the birthtime field for
GPFS. GPFS does not extend the system level struct stat, but instead has a
separate call that gets us the additional information beyond posix. Without
being able to do that within the VFS stat calls, that support would have to be
scattered around the main smbd code.

It will very likely break all the onefs modules, but I think the changes will
be reasonably easy to do.







Convert Samba3 to use the common lib/util/charset API
2009-04-14T02:53:56+00:00

Andrew Bartlett
abartlet@samba.org

2009-03-19T01:20:11+00:00

3b3e21bd9ba701a97e752205263a7903619541c7

This removes calls to push_*_allocate() and pull_*_allocate(), as well
as convert_string_allocate, as they are not in the common API

To allow transition to a common charcnv in future, provide Samba4-like
strupper functions in source3/lib/charcnv.c

(the actual implementation remains distinct, but the API is now shared)

Andrew Bartlett





This removes calls to push_*_allocate() and pull_*_allocate(), as well
as convert_string_allocate, as they are not in the common API

To allow transition to a common charcnv in future, provide Samba4-like
strupper functions in source3/lib/charcnv.c

(the actual implementation remains distinct, but the API is now shared)

Andrew Bartlett







Fix more "ignore return value" warnings from gcc 4.3.
2008-12-31T02:24:39+00:00

Jeremy Allison
jra@samba.org

2008-12-31T02:24:39+00:00

9eab2bfaf1a2f07451d0d40e9dc3323b0573a143

Jeremy





Jeremy