~ubuntu-branches/ubuntu/lucid/samba/lucid-security

Viewing changes to source3/web/swat_proto.h

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2011-07-28 09:39:38 UTC
  • mfrom: (102.1.4 lucid-proposed)
  • Revision ID: james.westby@ubuntu.com-20110728093938-1crrj6yjze4h7zkb
Tags: 2:3.4.7~dfsg-1ubuntu3.7
* SECURITY UPDATE: cross-site scripting in SWAT
  - debian/patches/CVE-2011-2694.patch: don't display username in
    source3/web/swat.c.
  - CVE-2011-2694
* SECURITY UPDATE: cross-site request forgery in SWAT
  - debian/patches/CVE-2011-2522.patch: implement nonce in
    source3/web/{cgi.c,statuspage.c,swat.c,swat_proto.h}.
  - CVE-2011-2522

31
31
const char *cgi_variable_nonull(const char *name);
32
32
bool am_root(void);
33
33
char *cgi_user_name(void);
 
34
char *cgi_user_pass(void);
34
35
void cgi_setup(const char *rootdir, int auth_required);
35
36
const char *cgi_baseurl(void);
36
37
const char *cgi_pathinfo(void);
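Review bot: the added `char *cgi_user_pass(void);` returns a mutable pointer to the user's password and the prototype says nothing about ownership, lifetime, or what comes back when `cgi_setup()` ran with `auth_required` unset. Unless a caller needs to modify the buffer, declare it `const char *` like `cgi_baseurl()` and `cgi_pathinfo()` just below, and add a one-line comment stating whether the result can be NULL and that callers must not free, log, or echo it into page output.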
66
67
/* The following definitions come from web/swat.c  */
67
68
 
68
69
const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid);
 
70
void get_xsrf_token(const char *username, const char *pass,
 
71
                    const char *formname, time_t xsrf_time, char token_str[33]);
 
72
void print_xsrf_token(const char *username, const char *pass,
 
73
                      const char *formname);
 
74
bool verify_xsrf_token(const char *formname);
69
75
 
70
76
#endif /*  _SWAT_PROTO_H_  */
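Review bot: in `get_xsrf_token()`, the `char token_str[33]` parameter is adjusted to a plain `char *`, so the 33 is documentation only and the compiler will not reject a shorter caller buffer. Suggest a named constant for the token length (or an explicit size argument) and a comment stating whether the output is NUL-terminated. The block also lacks any comment on what `xsrf_time` represents and on how old a token `verify_xsrf_token(formname)` will accept; the verifier takes no time argument, so its validity window cannot be read from the prototype and should be documented here.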