mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
samba-mirror/source3/web
Kai Blin c79e08fb1b s3 swat: Create random nonce in CGI mode
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.

Signed-off-by: Kai Blin <kai@samba.org>

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jul 26 23:33:24 CEST 2011 on sn-devel-104
2011-07-26 23:33:24 +02:00
cgi.c s3 swat: Create random nonce in CGI mode 2011-07-26 23:33:24 +02:00
diagnose.c s3-param Remove special case for global_myname(), rename to lp_netbios_name() 2011-06-09 12:40:09 +02:00
neg_lang.c s3-build: only include intl protos where needed. 2011-03-30 01:13:08 +02:00
startstop.c dynconfig: Have only one dynconfig.o in the common code. 2011-04-27 22:22:26 +10:00
statuspage.c s3 swat: Add XSRF protection to status page 2011-07-26 22:22:25 +02:00
swat_proto.h s3 swat: Add time component to XSRF token 2011-07-26 22:22:25 +02:00
swat.c s3 swat: Add time component to XSRF token 2011-07-26 22:22:25 +02:00