summaryrefslogtreecommitdiffstats
path: root/source3/web/swat.c
Commit message (Collapse)AuthorAgeFilesLines
* s3:web/swat: use strtoll() instead of atoi/atol/atollStefan Metzmacher2011-08-061-6/+19
| | | | | | | | | | This is more portable, as we have a strtoll replacement in lib/replace. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
* s3/swat: use strlcat instead of strncat to fix build on old Linux distrosBjörn Jacke2011-08-041-1/+1
| | | | | | | | | | SLES 9's glibc for example had weird macros where the use of strncat resulted in the use of strcat which we don't allow. Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Björn Jacke <bj@sernet.de> Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
* s3 swat: Add time component to XSRF tokenKai Blin2011-07-261-4/+24
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to printer pageKai Blin2011-07-261-10/+18
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to password pageKai Blin2011-07-261-3/+8
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to shares pageKai Blin2011-07-261-5/+13
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to globals pageKai Blin2011-07-261-0/+7
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to wizard pageKai Blin2011-07-261-0/+7
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to wizard_params pageKai Blin2011-07-261-0/+7
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add XSRF protection to viewconfig pageKai Blin2011-07-261-0/+7
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s3 swat: Add support for anti-XSRF tokenKai Blin2011-07-261-0/+54
|
* s3-swat: Fix typo.Karolin Seeger2011-07-261-1/+1
| | | | | | | | Thanks to Simo for reporting! Karolin (cherry picked from commit 9f73c1990a19daa899fa5345530a867e69a5be94) (cherry picked from commit bcb052c29212954a3ed10c9f095c51e4e0a96af5)
* s3 swat: Fix possible XSS attack (bug #8289)Kai Blin2011-07-261-12/+2
| | | | | | | | | | | Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the "change password" page. This patch fixes the reflection issue by not printing user-specified content on the website anymore. Signed-off-by: Kai Blin <kai@samba.org>
* First part of fix for bug 8310 - toupper_ascii() is broken on big-endian systemsJeremy Allison2011-07-191-1/+1
| | | | | | | | | | Remove int toupper_ascii(int c); int tolower_ascii(int c); int isupper_ascii(int c); int islower_ascii(int c); and replace with their _m equivalents, as they are identical.
* param: Finish conversion from lp_wins_support() -> lp_we_are_a_wins_server()Andrew Bartlett2011-07-021-2/+2
| | | | | | | | | Jermey started this in 1997 with 0aa493cc0303aa4177f289b9e4c797c8fa180672 (avoiding the duplicate function makes it easier to generate the struct loadparm_globals). Andrew Bartlett
* param: Merge param headers into lib/param/loadparm.hAndrew Bartlett2011-06-291-0/+1
| | | | | | | This defines a common table format, so we can in future define a common table. Andrew Bartlett
* s3-param use lp_parm_ptr() rather than parm.ptr directlyAndrew Bartlett2011-06-291-5/+8
| | | | | | | | | This will help with a change from .ptr to .offset Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Jun 29 03:26:21 CEST 2011 on sn-devel-104
* s3-talloc Change TALLOC_ARRAY() to talloc_array()Andrew Bartlett2011-06-091-1/+1
| | | | | Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
* More simple const fixups.Jeremy Allison2011-05-051-1/+1
|
* s3-build: only include intl protos where needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-passdb: use passdb headers where needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-includes: only include system/filesys.h when needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-fault: removed the cont_fn from fault_setup()Andrew Tridgell2011-03-221-1/+1
| | | | | | | | | | cont_fn() was supposed to be a way to continue after a seg fault. It could never be called however, as smb_panic() from fault_report() could never return, as dump_core() never returns at the end of smb_panic() Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Mar 22 05:07:58 CET 2011 on sn-devel-104
* s3-printing: only include printing where really needed.Günther Deschner2011-02-221-0/+1
| | | | Guenther
* s3-printing: Initiate pcap reload from parent smbdDavid Disseldorp2011-01-071-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since commit 7022554, smbds share a printcap cache (printer_list.tdb), therefore ordering of events between smbd processes is important when updating printcap cache information. Consider the following two process example: 1) smbd1 receives HUP or printcap cache time expiry 2) smbd1 checks whether pcap needs refresh, it does 3) smbd1 marks pcap as refreshed 4) smbd1 forks child1 to obtain cups printer info 5) smbd2 receives HUP or printcap cache time expiry 6) smbd2 checks whether pcap needs refresh, it does not (due to step 3) 7) smbd2 reloads printer shares prior to child1 completion (stale pcap) 8) child1 completion, pcap cache (printer_list.tdb) is updated by smbd1 9) smbd1 reloads printer shares based on new pcap information In this case both smbd1 and smbd2 are reliant on the pcap update performed on child1 completion. The prior commit "reload shares after pcap cache fill" ensures that smbd1 only reloads printer shares following pcap update, however smbd2 continues to present shares based on stale pcap data. This commit addresses the above problem by driving pcap cache and printer share updates from the parent smbd process. 1) smbd0 (parent) receives a HUP or printcap cache time expiry 2) smbd0 forks child0 to obtain cups printer info 3) child0 completion, pcap cache (printer_list.tdb) is updated by smbd0 4) smbd0 reloads printer shares 5) smbd0 notifies child smbds of pcap update via message_send_all() 6) child smbds read fresh pcap data and reload printer shares This architecture has the additional advantage that only a single process (the parent smbd) requests printer information from the printcap backend. Use time_mono in housekeeping functions As suggested by Björn Jacke.
* s3-printing: reload shares after pcap cache fillDavid Disseldorp2011-01-071-2/+4
| | | | | | | | | | | | | | | | Since commit eada8f8a, updates to the cups pcap cache are performed asynchronously - cups_cache_reload() forks a child process to request cups printer information and notify the parent smbd on completion. Currently printer shares are reloaded immediately following the call to cups_cache_reload(), this occurs prior to smbd receiving new cups pcap information from the child process. Such behaviour can result in stale print shares as outlined in bug 7836. This fix ensures print shares are only reloaded after new pcap data has been received. Pair-Programmed-With: Lars Müller <lars@samba.org>
* s3-debug Move 'load_case_tables()' before lp_set_cmdline() and popt callsAndrew Bartlett2010-11-021-2/+2
| | | | | | | | | | The problem here is that we cannot run lp_set_cmdline() (directly or indirectly via the popt helpers) until load_case_tables() has been run. However, load_case_tables does not have auto-initialisation, so we must init it once, and once only. Andrew Bartlett
* s3-debug Impove setup_logging() to specify logging to stderrAndrew Bartlett2010-11-021-4/+5
| | | | | | | | This change improves the setup_logging() API so that callers which wish to set up logging to stderr can simply ask for it, rather than directly modify the dbf global variable. Andrew Bartlett
* s3: Remove the smbd_messaging_context from load_printersVolker Lendecke2010-08-081-2/+2
|
* s3-popt: Only include popt-common.h when needed.Andreas Schneider2010-08-051-0/+1
|
* s3: Fix bug 6288Volker Lendecke2009-11-301-8/+8
|
* s3: Fix some nonempty blank linesVolker Lendecke2009-11-291-17/+16
|
* Convert Samba3 to use the common lib/util/charset APIAndrew Bartlett2009-04-141-10/+10
| | | | | | | | | | | | This removes calls to push_*_allocate() and pull_*_allocate(), as well as convert_string_allocate, as they are not in the common API To allow transition to a common charcnv in future, provide Samba4-like strupper functions in source3/lib/charcnv.c (the actual implementation remains distinct, but the API is now shared) Andrew Bartlett
* s3/swat: Fix creation of the first share using SWAT.Volker Lendecke2009-01-061-1/+1
| | | | This fixes bug #5965.
* Fix more "ignore return value" warnings from gcc 4.3.Jeremy Allison2008-12-301-3/+5
| | | | Jeremy
* s3:loadparm: rename lp_local_ptr() to lp_local_ptr_by_snum()Michael Adam2008-12-151-2/+2
| | | | Michael
* Use str_list_equal() rather than str_list_compare().Jelmer Vernooij2008-10-181-1/+2
|
* Use separate make variables for libutil and libcrypto.Jelmer Vernooij2008-10-181-2/+2
|
* Fix swat. Bug #5613.Jeremy Allison2008-07-151-13/+18
| | | | | Jeremy (This used to be commit 15920f838835f5dbbac8712202267c2a99237686)
* Fix empty input fields in SWAT; [#5515].Andreas Schneider2008-06-031-4/+4
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> (This used to be commit e1579c90fb27c07f95889dd8778daeef53e2ac16)
* Cleanup size_t return values in callers of convert_string_allocateTim Prouty2008-05-201-6/+8
| | | | | | This patch is the second iteration of an inside-out conversion to cleanup functions in charcnv.c returning size_t == -1 to indicate failure. (This used to be commit 6b189dabc562d86dcaa685419d0cb6ea276f100d)
* Add a talloc context parameter to current_timestring() to fix memleaks.Michael Adam2008-03-281-1/+5
| | | | | | | | | | | | | | current_timestring used to return a string talloced to talloc_tos(). When called by DEBUG from a TALLOC_FREE, this produced messages "no talloc stackframe around, leaking memory". For example when used from net conf. This also adds a temporary talloc context to alloc_sub_basic(). For this purpose, the exit strategy is slightly altered: a common exit point is used for success and failure. Michael (This used to be commit 16b5800d4e3a8b88bac67b2550d14e0aaaa302a9)
* loadparm: add convenience wrapper lp_kill_all_services()Michael Adam2008-03-121-1/+1
| | | | | Michael (This used to be commit 32bfd131e33d06be9dfaef02b57f5401d2bc7639)
* Remove the char[1024] strings from dynconfig. ReplaceJeremy Allison2007-12-101-9/+9
| | | | | | | them with malloc'ing accessor functions. Should save a lot of static space :-). Jeremy. (This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)
* We don't need P_GSTRING or P_UGSTRING anymore.Jeremy Allison2007-12-071-15/+0
| | | | | Jeremy. (This used to be commit 78dc75600099b5b3b5a8ecffec747a227ff51d70)
* Remove some globalsVolker Lendecke2007-12-051-5/+12
| | | | (This used to be commit 31d0a846db08d845e6cdfd85def4ac1c34031e02)
* Make strhex_to_str clear on string limits. Remove pstring from web/*.cJeremy Allison2007-12-031-40/+59
| | | | | Jeremy. (This used to be commit f9c8d62389f8cb47837e5360209936176537df13)
* Make remote_password_change return malloced error stringsVolker Lendecke2007-11-231-3/+4
| | | | | This fixes a segfault in smbpasswd -r (This used to be commit 49949f0b85007c7c2b3c340c12f3d18909862135)
* Remove pstrings from pam_smbpass - make local_password_changeJeremy Allison2007-11-211-6/+8
| | | | | | return malloced strings. Jeremy. (This used to be commit f652fe2bdb7a3a36e83dcf4b08347543fdffb9f0)
* More pstring removal. This one was tricky. I had to addJeremy Allison2007-11-151-0/+3
| | | | | | | one horror (pstring_clean_name()) which will have to remain until I've removed all pstrings from the client code. Jeremy. (This used to be commit 1ea3ac80146b83c2522b69e7747c823366a2b47d)
generated by cgit (git 2.34.1) at 2025-08-28 20:38:55 +0000