Hello community,
here is the log from the commit of package samba for openSUSE:11.4
checked in at Thu Jul 28 00:25:27 CEST 2011.
--------
--- old-versions/11.4/all/samba/samba.changes 2011-02-28 17:29:13.000000000 +0100
+++ 11.4/samba/samba.changes 2011-07-27 13:41:00.000000000 +0200
@@ -1,0 +2,58 @@
+Tue Jul 26 23:57:01 UTC 2011 - lmuelle@suse.de
+
+- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are
+ affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289);
+ (bnc#708503).
+
+-------------------------------------------------------------------
+Tue Jul 26 20:44:01 UTC 2011 - lmuelle@suse.de
+
+- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are
+ affected by a cross-site request forgery; CVE-2011-2522; (bso#8290);
+ (bnc#705241).
+
+-------------------------------------------------------------------
+Mon Jul 11 16:21:23 CEST 2011 - ddiss@suse.de
+
+- Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION;
+ (bnc#705170).
+
+-------------------------------------------------------------------
+Mon May 16 10:23:54 CEST 2011 - ddiss@suse.de
+
+- Fix a 100% CPU loop when ctdbd dies during a traverse; (bnc#693945).
+
+-------------------------------------------------------------------
+Thu Apr 7 21:38:00 CET 2011 - jmcdonough@suse.de
+
+- Fix idmap_tdb for big-endian systems such as ppc and s390;
+ (bso#6901); (bnc#675978).
+
+-------------------------------------------------------------------
+Thu Mar 24 16:37:34 CET 2011 - ddiss@suse.de
+
+- Fix smbclient -M NT_STATUS_PIPE_BROKEN failure; (bso#7635); (bnc#681913).
+
+-------------------------------------------------------------------
+Thu Mar 17 10:24:31 CET 2011 - ddiss@suse.de
+
+- Don't crash when publishing a single printer; (bnc#643119).
+
+-------------------------------------------------------------------
+Wed Mar 9 10:46:20 UTC 2011 - lmuelle@suse.de
+
+- Define the libwbclient packages ahead of packages with a different version.
+
+-------------------------------------------------------------------
+Fri Mar 4 20:12:24 UTC 2011 - lmuelle@suse.de
+
+- Require a particular library version even if the major version is part of
+ the package name. Using the same major version does not guarantee forward
+ compatibility.
+
+-------------------------------------------------------------------
+Fri Mar 4 16:30:46 CET 2011 - ddiss@suse.de
+
+- Fix a fd-leak in libwbclient at dlclose-time; (bso#7684); (bnc#668773).
+
+-------------------------------------------------------------------
@@ -136,0 +195,5 @@
+Wed Nov 24 13:28:13 CET 2010 - ddiss@suse.de
+
+- One further fix for spoolss GetPrinter (level 2) response; (bnc#649636).
+
+-------------------------------------------------------------------
@@ -162,0 +226,18 @@
+
+-------------------------------------------------------------------
+Wed Nov 10 11:53:36 CET 2010 - ddiss@suse.de
+
+- Fix incorrect spoolss GetPrinterData behaviour, causing user get
+ printer settings problems; (bnc#643787).
+
+-------------------------------------------------------------------
+Wed Nov 10 11:50:26 CET 2010 - ddiss@suse.de
+
+- Fix malformed spoolss EnumPrinterKey response, causing add printer
+ failures on Windows 7; (bso#6883); (bnc#649526).
+
+-------------------------------------------------------------------
+Wed Nov 10 11:47:35 CET 2010 - ddiss@suse.de
+
+- Fix malformed spoolss GetPrinter (level 2) response;
+ (bso#6727); (bnc#649636).
Package does not exist at destination yet. Using Fallback old-versions/11.4/all/samba
Destination is old-versions/11.4/UPDATES/all/samba
calling whatdependson for 11.4-i586
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ samba-doc.spec ++++++
--- /var/tmp/diff_new_pack.2aE38T/_old 2011-07-28 00:24:54.000000000 +0200
+++ /var/tmp/diff_new_pack.2aE38T/_new 2011-07-28 00:24:54.000000000 +0200
@@ -420,7 +420,7 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%changelog
++++++ samba.spec ++++++
--- /var/tmp/diff_new_pack.2aE38T/_old 2011-07-28 00:24:54.000000000 +0200
+++ /var/tmp/diff_new_pack.2aE38T/_new 2011-07-28 00:24:54.000000000 +0200
@@ -184,7 +184,7 @@
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%package client
@@ -230,7 +230,7 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1020
@@ -257,7 +257,7 @@
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%endif
@@ -287,7 +287,7 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%endif
@@ -314,7 +314,7 @@
--------
Jeremy Allison <jra at samba dot org>
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%if %{make_utils}
@@ -365,7 +365,7 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%if 0%{?suse_version} && 0%{?suse_version} < 1031
@@ -375,7 +375,7 @@
%else
%package -n libsmbclient0
-License: GPL v3 or later
+License: GPLv3+
Provides: libsmbclient = %{version}-%{release}
Obsoletes: libsmbclient
%endif
@@ -390,7 +390,7 @@
%if 0%{?suse_version} && 0%{?suse_version} < 1031
%description -n libsmbclient
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%else
@@ -416,12 +416,12 @@
Group: Development/Libraries/C and C++
AutoReqProv: on
%if 0%{?suse_version} && 0%{?suse_version} < 921
-Requires: libsmbclient heimdal-devel
+Requires: libsmbclient = %{version} heimdal-devel
%else
%if 0%{?suse_version} && 0%{?suse_version} < 1031
-Requires: libsmbclient krb5-devel
+Requires: libsmbclient = %{version} krb5-devel
%else
-Requires: libsmbclient0 krb5-devel
+Requires: libsmbclient0 = %{version} krb5-devel
%endif
%endif
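Review bot: The new `Requires: libsmbclient = %{version} heimdal-devel` / `... krb5-devel` lines pin only the upstream version, while the matching `Provides: libsmbclient = %{version}-%{release}` earlier in the same file carries the release, so the devel package can still pair with a libsmbclient build from a different release of the same version. The changelog entry asks only for "a particular library version", so this may be intended; if the headers must match the exact build, the pin should be `Requires: libsmbclient0 = %{version}-%{release}` (and likewise for the two %if branches). The same version-only pin is used in the libnetapi-devel, libsmbsharemodes-devel and libwbclient-devel hunks of this file.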
@@ -435,7 +435,7 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%package -n libnetapi0
@@ -454,7 +454,7 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%package -n libnetapi-devel
@@ -462,7 +462,7 @@
Summary: Libraries and Header Files to Develop Programs with netapi Support
Group: Development/Libraries/C and C++
AutoReqProv: on
-Requires: libnetapi0
+Requires: libnetapi0 = %{version}
%description -n libnetapi-devel
This package contains the static libraries and header files needed to
@@ -474,7 +474,7 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%if 0%{?suse_version} && 0%{?suse_version} < 1031
@@ -484,7 +484,7 @@
%else
%package -n libsmbsharemodes0
-License: GPL v3 or later
+License: GPLv3+
%endif
Summary: Samba smbsharemodes Library
Group: System/Libraries
@@ -494,7 +494,7 @@
%if 0%{?suse_version} && 0%{?suse_version} < 1031
%description -n libsmbsharemodes
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%else
@@ -514,9 +514,9 @@
Group: Development/Libraries/C and C++
AutoReqProv: on
%if 0%{?suse_version} && 0%{?suse_version} < 1031
-Requires: libsmbsharemodes
+Requires: libsmbsharemodes = %{version}
%else
-Requires: libsmbsharemodes0
+Requires: libsmbsharemodes0 = %{version}
%endif
%description -n libsmbsharemodes-devel
@@ -530,20 +530,18 @@
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
-%package -n libtalloc2
-License: LGPLv3+
-Summary: Samba talloc Library
+%package -n libwbclient0
+License: GPLv3+
+Summary: Samba libwbclient Library
Group: System/Libraries
AutoReqProv: on
-Version: %{libtalloc_ver}
-Release: 2.<RELEASE4>
PreReq: /sbin/ldconfig
-%description -n libtalloc2
-This package includes the talloc library.
+%description -n libwbclient0
+This package includes the wbclient library.
@@ -551,21 +549,19 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
-%package -n libtalloc-devel
-License: LGPLv3+
-Summary: Libraries and Header Files to Develop Programs with talloc Support
+%package -n libwbclient-devel
+License: GPLv3+
+Summary: Libraries and Header Files to Develop Programs with wbclient Support
Group: Development/Libraries/C and C++
AutoReqProv: on
-Version: %{libtalloc_ver}
-Release: 2.<RELEASE4>
-Requires: libtalloc2
+Requires: libwbclient0 = %{version}
-%description -n libtalloc-devel
+%description -n libwbclient-devel
This package contains the static libraries and header files needed to
-develop programs which make use of the talloc programming interface.
+develop programs which make use of the wbclient programming interface.
@@ -573,20 +569,20 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
-%package -n libtdb1
+%package -n libtalloc2
License: LGPLv3+
-Summary: Samba tdb Library
+Summary: Samba talloc Library
Group: System/Libraries
AutoReqProv: on
-Version: %{libtdb_ver}
-Release: 2.<RELEASE4>
+Version: %{libtalloc_ver}
+Release: 2.<RELEASE5>
PreReq: /sbin/ldconfig
-%description -n libtdb1
-This package includes the tdb library.
+%description -n libtalloc2
+This package includes the talloc library.
@@ -594,21 +590,21 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
-%package -n libtdb-devel
+%package -n libtalloc-devel
License: LGPLv3+
-Summary: Libraries and Header Files to Develop Programs with tdb Support
+Summary: Libraries and Header Files to Develop Programs with talloc Support
Group: Development/Libraries/C and C++
AutoReqProv: on
-Version: %{libtdb_ver}
-Release: 2.<RELEASE4>
-Requires: libtdb1
+Version: %{libtalloc_ver}
+Release: 2.<RELEASE5>
+Requires: libtalloc2 = %{libtalloc_ver}
-%description -n libtdb-devel
+%description -n libtalloc-devel
This package contains the static libraries and header files needed to
-develop programs which make use of the tdb programming interface.
+develop programs which make use of the talloc programming interface.
@@ -616,18 +612,20 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
-%package -n libwbclient0
-License: GPLv3+
-Summary: Samba libwbclient Library
+%package -n libtdb1
+License: LGPLv3+
+Summary: Samba tdb Library
Group: System/Libraries
AutoReqProv: on
+Version: %{libtdb_ver}
+Release: 2.<RELEASE5>
PreReq: /sbin/ldconfig
-%description -n libwbclient0
-This package includes the wbclient library.
+%description -n libtdb1
+This package includes the tdb library.
@@ -635,19 +633,21 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
-%package -n libwbclient-devel
-License: GPLv3+
-Summary: Libraries and Header Files to Develop Programs with wbclient Support
+%package -n libtdb-devel
+License: LGPLv3+
+Summary: Libraries and Header Files to Develop Programs with tdb Support
Group: Development/Libraries/C and C++
AutoReqProv: on
-Requires: libwbclient0
+Version: %{libtdb_ver}
+Release: 2.<RELEASE5>
+Requires: libtdb1 = %{libtdb_ver}
-%description -n libwbclient-devel
+%description -n libtdb-devel
This package contains the static libraries and header files needed to
-develop programs which make use of the wbclient programming interface.
+develop programs which make use of the tdb programming interface.
@@ -655,7 +655,7 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%package -n libtevent0
@@ -664,7 +664,7 @@
Group: System/Libraries
AutoReqProv: on
Version: %{libtevent_ver}
-Release: 2.<RELEASE4>
+Release: 2.<RELEASE5>
PreReq: /sbin/ldconfig
%description -n libtevent0
@@ -676,7 +676,7 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%package -n libtevent-devel
@@ -685,8 +685,8 @@
Group: Development/Libraries/C and C++
AutoReqProv: on
Version: %{libtevent_ver}
-Release: 2.<RELEASE4>
-Requires: libtevent0
+Release: 2.<RELEASE5>
+Requires: libtevent0 = %{libtevent_ver}
%description -n libtevent-devel
This package contains the static libraries and header files needed to
@@ -699,7 +699,7 @@
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%package -n libldb0
@@ -708,7 +708,7 @@
Group: System/Libraries
AutoReqProv: on
Version: %{libldb_ver}
-Release: 2.<RELEASE4>
+Release: 2.<RELEASE5>
PreReq: /sbin/ldconfig
%description -n libldb0
@@ -721,7 +721,7 @@
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%package -n libldb-devel
@@ -730,8 +730,8 @@
Group: Development/Libraries/C and C++
AutoReqProv: on
Version: %{libldb_ver}
-Release: 2.<RELEASE4>
-Requires: libldb0
+Release: 2.<RELEASE5>
+Requires: libldb0 = %{libldb_ver}
%description -n libldb-devel
This package contains the static libraries and header files needed to
@@ -743,7 +743,7 @@
--------
The Samba Team
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%if %{make_ldapsmb}
@@ -754,7 +754,7 @@
Group: Productivity/Networking/Samba
AutoReqProv: on
Version: 1.34b
-Release: 298.<RELEASE4>
+Release: 298.<RELEASE5>
Requires: perl-ldap
%description -n ldapsmb
@@ -767,7 +767,7 @@
--------
Guenther Deschner <guenther at deschner dot de>
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%endif
@@ -790,14 +790,14 @@
--------
Steve French <sfrench at Samba dot org>
-Source Timestamp: 2505
+Source Timestamp: 2573
Branch : 3.5.7
%endif
%if %{make_vscan}
%package vscan
-License: GPL v2 or later
+License: GPLv2+
Summary: On-Access Virus Scanning with Samba
Group: Productivity/Networking/Samba
AutoReqProv: on
++++++ build-source-timestamp ++++++
--- /var/tmp/diff_new_pack.2aE38T/_old 2011-07-28 00:24:54.000000000 +0200
+++ /var/tmp/diff_new_pack.2aE38T/_new 2011-07-28 00:24:54.000000000 +0200
@@ -1,2 +1,2 @@
-2505
+2573
Branch : 3.5.7
++++++ patches.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846 new/patches/samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846
--- old/patches/samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846 1970-01-01 01:00:00.000000000 +0100
+++ new/patches/samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846 2011-04-26 18:37:00.000000000 +0200
@@ -0,0 +1,17 @@
+Fix GetPrinterData response
+
+When returning WERR_MORE_DATA, the GetPrinterData data type field must be
+retained otherwise Windows XP/2k3 will not reissue the request.
+Index: source3/rpc_server/srv_spoolss_nt.c
+===================================================================
+--- source3/rpc_server/srv_spoolss_nt.c.orig
++++ source3/rpc_server/srv_spoolss_nt.c
+@@ -8725,7 +8725,7 @@ WERROR _spoolss_GetPrinterDataEx(pipes_s
+ return result;
+ }
+
+- *r->out.type = SPOOLSS_BUFFER_OK(*r->out.type, REG_NONE);
++ /* retain type when returning WERR_MORE_DATA */
+ r->out.data = SPOOLSS_BUFFER_OK(r->out.data, r->out.data);
+
+ return SPOOLSS_BUFFER_OK(WERR_OK, WERR_MORE_DATA);
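Review bot: This patch file carries no `commit`/`Author`/`Date` header, unlike the sibling patches in this tarball, so the upstream origin that its filename (a commit hash) suggests cannot be checked from the file itself; a provenance header matching the other files would help. The replacement comment `/* retain type when returning WERR_MORE_DATA */` states what is kept but not why; the reason is only in the patch description, so I would make the in-code comment carry it, e.g. `/* keep *r->out.type on WERR_MORE_DATA: XP/2k3 do not reissue the request otherwise */`. The enclosing function `_spoolss_GetPrinterDataEx` starts outside the hunk.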
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/21576e3f8c32878910460bf9575c200ad93d682a new/patches/samba.org/21576e3f8c32878910460bf9575c200ad93d682a
--- old/patches/samba.org/21576e3f8c32878910460bf9575c200ad93d682a 1970-01-01 01:00:00.000000000 +0100
+++ new/patches/samba.org/21576e3f8c32878910460bf9575c200ad93d682a 2011-03-18 16:39:42.000000000 +0100
@@ -0,0 +1,24 @@
+commit 21576e3f8c32878910460bf9575c200ad93d682a
+Author: Günther Deschner
+Date: Fri Oct 1 06:08:12 2010 +0200
+
+ s3-net: make sure we dont crash when publishing a single printer.
+
+ Guenther
+
+Index: source3/utils/net_rpc_printer.c
+===================================================================
+--- source3/utils/net_rpc_printer.c.orig
++++ source3/utils/net_rpc_printer.c
+@@ -1091,6 +1091,11 @@ static bool get_printer_info(struct rpc_
+ &hnd))
+ return false;
+
++ *info_p = talloc_zero(mem_ctx, union spoolss_PrinterInfo);
++ if (*info_p == NULL) {
++ return false;
++ }
++
+ if (!net_spoolss_getprinter(pipe_hnd, mem_ctx, &hnd, level, *info_p)) {
+ rpccli_spoolss_ClosePrinter(pipe_hnd, mem_ctx, &hnd, NULL);
+ return false;
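Review bot: The new allocation-failure branch returns false without closing `hnd`, whereas the `net_spoolss_getprinter` failure path right below it calls `rpccli_spoolss_ClosePrinter(pipe_hnd, mem_ctx, &hnd, NULL)` before returning; the `&hnd)) return false;` tail at the top of the hunk suggests the handle is already open at this point, so the new branch appears to leak it. The added block should do the same cleanup: `if (*info_p == NULL) { rpccli_spoolss_ClosePrinter(pipe_hnd, mem_ctx, &hnd, NULL); return false; }`. The enclosing function `get_printer_info` starts and ends outside the hunk.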
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830 new/patches/samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830
--- old/patches/samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830 1970-01-01 01:00:00.000000000 +0100
+++ new/patches/samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830 2011-07-21 22:10:31.000000000 +0200
@@ -0,0 +1,93 @@
+commit 3a3c118a7edf679d6b545df035fd8d51b00e0830
+Author: Michael Adam
+Date: Wed Dec 22 14:16:07 2010 +0100
+
+ s3:dbwrap_ctdb: in ctdb_delete, send a SCHEDULE_FOR_DELETION control to local ctdbd
+
+ This way, the record will be scheduled for fast vacuuming.
+
+ This is sent with the NOREPLY flag, so ctd should not sent
+ a reply packet and samba does not expect one. Hence, it
+ is not important for the success of the db_ctdb_delete command
+ whether or not the ctdbd we are running against supports the
+ SCHEDULE_FOR_DELETION control.
+
+Index: source3/lib/dbwrap_ctdb.c
+===================================================================
+--- source3/lib/dbwrap_ctdb.c.orig
++++ source3/lib/dbwrap_ctdb.c
+@@ -879,9 +879,56 @@ static NTSTATUS db_ctdb_store(struct db_
+
+
+
++#ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION
++static NTSTATUS db_ctdb_send_schedule_for_deletion(struct db_record *rec)
++{
++ NTSTATUS status;
++ struct ctdb_control_schedule_for_deletion *dd;
++ TDB_DATA indata;
++ int cstatus;
++ struct db_ctdb_rec *crec = talloc_get_type_abort(
++ rec->private_data, struct db_ctdb_rec);
++
++ indata.dsize = offsetof(struct ctdb_control_schedule_for_deletion, key) + rec->key.dsize;
++ indata.dptr = talloc_zero_array(crec, uint8_t, indata.dsize);
++ if (indata.dptr == NULL) {
++ DEBUG(0, (__location__ " talloc failed!\n"));
++ return NT_STATUS_NO_MEMORY;
++ }
++
++ dd = (struct ctdb_control_schedule_for_deletion *)(void *)indata.dptr;
++ dd->db_id = crec->ctdb_ctx->db_id;
++ dd->hdr = crec->header;
++ dd->keylen = rec->key.dsize;
++ memcpy(dd->key, rec->key.dptr, rec->key.dsize);
++
++ status = ctdbd_control_local(messaging_ctdbd_connection(),
++ CTDB_CONTROL_SCHEDULE_FOR_DELETION,
++ crec->ctdb_ctx->db_id,
++ CTDB_CTRL_FLAG_NOREPLY, /* flags */
++ indata,
++ NULL, /* outdata */
++ NULL, /* errmsg */
++ &cstatus);
++ talloc_free(indata.dptr);
++
++ if (!NT_STATUS_IS_OK(status) || cstatus != 0) {
++ DEBUG(1, (__location__ " Error sending local control "
++ "SCHEDULE_FOR_DELETION: %s, cstatus = %d\n",
++ nt_errstr(status), cstatus));
++ if (NT_STATUS_IS_OK(status)) {
++ status = NT_STATUS_UNSUCCESSFUL;
++ }
++ }
++
++ return status;
++}
++#endif
++
+ static NTSTATUS db_ctdb_delete(struct db_record *rec)
+ {
+ TDB_DATA data;
++ NTSTATUS status;
+
+ /*
+ * We have to store the header with empty data. TODO: Fix the
+@@ -890,8 +937,16 @@ static NTSTATUS db_ctdb_delete(struct db
+
+ ZERO_STRUCT(data);
+
+- return db_ctdb_store(rec, data, 0);
++ status = db_ctdb_store(rec, data, 0);
++ if (!NT_STATUS_IS_OK(status)) {
++ return status;
++ }
++
++#ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION
++ status = db_ctdb_send_schedule_for_deletion(rec);
++#endif
+
++ return status;
+ }
+
+ static int db_ctdb_record_destr(struct db_record* data)
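Review bot: `db_ctdb_delete` now returns whatever `db_ctdb_send_schedule_for_deletion` returns, so once the store has already succeeded a failure to send the advisory control (or a non-zero `cstatus`) is reported as a failed delete, which contradicts the commit message's statement that the control's success is not important for the delete. Since the helper already logs the failure at DEBUG(1), the caller should not propagate it: `(void)db_ctdb_send_schedule_for_deletion(rec);` under the `#ifdef`, and `return NT_STATUS_OK;` at the end. Separately, `int cstatus;` in the helper is read after the call but never initialised; the control is sent with `CTDB_CTRL_FLAG_NOREPLY`, and if `ctdbd_control_local` does not write `*cstatus` on that path (not visible here), the `cstatus != 0` check reads an indeterminate value, so `int cstatus = 0;` is the safe form.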
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/CVE-2011-2522.diff new/patches/samba.org/CVE-2011-2522.diff
--- old/patches/samba.org/CVE-2011-2522.diff 1970-01-01 01:00:00.000000000 +0100
+++ new/patches/samba.org/CVE-2011-2522.diff 2011-07-27 01:32:27.000000000 +0200
@@ -0,0 +1,467 @@
+From 42321e69cb3b245f8cce5f85524d1f3bec780042 Mon Sep 17 00:00:00 2001
+From: Kai Blin
+Date: Fri, 8 Jul 2011 12:56:21 +0200
+Subject: [PATCH 02/13] s3 swat: Allow getting the user's HTTP auth password
+
+Signed-off-by: Kai Blin
+
+Index: source3/web/cgi.c
+===================================================================
+--- source3/web/cgi.c.orig
++++ source3/web/cgi.c
+@@ -19,6 +19,8 @@
+
+ #include "includes.h"
+ #include "web/swat_proto.h"
++#include "secrets.h"
++#include "../lib/util/util.h"
+
+ #define MAX_VARIABLES 10000
+
+@@ -42,6 +44,7 @@ static char *query_string;
+ static const char *baseurl;
+ static char *pathinfo;
+ static char *C_user;
++static char *C_pass;
+ static bool inetd_server;
+ static bool got_request;
+
+@@ -320,7 +323,23 @@ static void cgi_web_auth(void)
+ exit(0);
+ }
+
+- setuid(0);
++ C_user = SMB_STRDUP(user);
++
++ if (!setuid(0)) {
++ C_pass = secrets_fetch_generic("root", "SWAT");
++ if (C_pass == NULL) {
++ char *tmp_pass = NULL;
++ tmp_pass = generate_random_str(talloc_tos(), 16);
++ if (tmp_pass == NULL) {
++ printf("%sFailed to create random nonce for "
++ "SWAT session\n<br>%s\n", head, tail);
++ exit(0);
++ }
++ secrets_store_generic("root", "SWAT", tmp_pass);
++ C_pass = SMB_STRDUP(tmp_pass);
++ TALLOC_FREE(tmp_pass);
++ }
++ }
+ setuid(pwd->pw_uid);
+ if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
+ printf("%sFailed to become user %s - uid=%d/%d<br>%s\n",
+@@ -388,6 +407,7 @@ static bool cgi_handle_authorization(cha
+
+ /* Save the users name */
+ C_user = SMB_STRDUP(user);
++ C_pass = SMB_STRDUP(user_pass);
+ TALLOC_FREE(pass);
+ return True;
+ }
+@@ -422,6 +442,13 @@ char *cgi_user_name(void)
+ return(C_user);
+ }
+
++/***************************************************************************
++return a ptr to the users password
++ ***************************************************************************/
++char *cgi_user_pass(void)
++{
++ return(C_pass);
++}
+
+ /***************************************************************************
+ handle a file download
+Index: source3/web/statuspage.c
+===================================================================
+--- source3/web/statuspage.c.orig
++++ source3/web/statuspage.c
+@@ -247,9 +247,14 @@ void status_page(void)
+ int nr_running=0;
+ bool waitup = False;
+ TALLOC_CTX *ctx = talloc_stackframe();
++ const char form_name[] = "status";
+
+ smbd_pid = pid_to_procid(pidfile_pid("smbd"));
+
++ if (!verify_xsrf_token(form_name)) {
++ goto output_page;
++ }
++
+ if (cgi_variable("smbd_restart") || cgi_variable("all_restart")) {
+ stop_smbd();
+ start_smbd();
+@@ -326,9 +331,11 @@ void status_page(void)
+
+ initPid2Machine ();
+
++output_page:
+ printf("<H2>%s</H2>\n", _("Server Status"));
+
+ printf("<FORM method=post>\n");
++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
+
+ if (!autorefresh) {
+ printf("\n", _("Auto Refresh"));
+Index: source3/web/swat.c
+===================================================================
+--- source3/web/swat.c.orig
++++ source3/web/swat.c
+@@ -29,6 +29,7 @@
+
+ #include "includes.h"
+ #include "web/swat_proto.h"
++#include "../lib/crypto/md5.h"
+
+ static int demo_mode = False;
+ static int passwd_only = False;
+@@ -50,6 +51,9 @@ static int iNumNonAutoPrintServices = 0;
+ #define DISABLE_USER_FLAG "disable_user_flag"
+ #define ENABLE_USER_FLAG "enable_user_flag"
+ #define RHOST "remote_host"
++#define XSRF_TOKEN "xsrf"
++#define XSRF_TIME "xsrf_time"
++#define XSRF_TIMEOUT 300
+
+ #define _(x) lang_msg_rotate(talloc_tos(),x)
+
+@@ -138,6 +142,76 @@ static char *make_parm_name(const char *
+ return parmname;
+ }
+
++void get_xsrf_token(const char *username, const char *pass,
++ const char *formname, time_t xsrf_time, char token_str[33])
++{
++ struct MD5Context md5_ctx;
++ uint8_t token[16];
++ int i;
++
++ token_str[0] = '\0';
++ ZERO_STRUCT(md5_ctx);
++ MD5Init(&md5_ctx);
++
++ MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname));
++ MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(time_t));
++ if (username != NULL) {
++ MD5Update(&md5_ctx, (uint8_t *)username, strlen(username));
++ }
++ if (pass != NULL) {
++ MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
++ }
++
++ MD5Final(token, &md5_ctx);
++
++ for(i = 0; i < sizeof(token); i++) {
++ char tmp[3];
++
++ snprintf(tmp, sizeof(tmp), "%02x", token[i]);
++ strncat(token_str, tmp, sizeof(tmp));
++ }
++}
++
++void print_xsrf_token(const char *username, const char *pass,
++ const char *formname)
++{
++ char token[33];
++ time_t xsrf_time = time(NULL);
++
++ get_xsrf_token(username, pass, formname, xsrf_time, token);
++ printf("\n",
++ XSRF_TOKEN, token);
++ printf("\n",
++ XSRF_TIME, (long long int)xsrf_time);
++}
++
++bool verify_xsrf_token(const char *formname)
++{
++ char expected[33];
++ const char *username = cgi_user_name();
++ const char *pass = cgi_user_pass();
++ const char *token = cgi_variable_nonull(XSRF_TOKEN);
++ const char *time_str = cgi_variable_nonull(XSRF_TIME);
++ time_t xsrf_time = 0;
++ time_t now = time(NULL);
++
++ if (sizeof(time_t) == sizeof(int)) {
++ xsrf_time = atoi(time_str);
++ } else if (sizeof(time_t) == sizeof(long)) {
++ xsrf_time = atol(time_str);
++ } else if (sizeof(time_t) == sizeof(long long)) {
++ xsrf_time = atoll(time_str);
++ }
++
++ if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
++ return false;
++ }
++
++ get_xsrf_token(username, pass, formname, xsrf_time, expected);
++ return (strncmp(expected, token, sizeof(expected)) == 0);
++}
++
++
+ /****************************************************************************
+ include a lump of html in a page
+ ****************************************************************************/
+@@ -611,13 +685,20 @@ static void welcome_page(void)
+ static void viewconfig_page(void)
+ {
+ int full_view=0;
++ const char form_name[] = "viewconfig";
++
++ if (!verify_xsrf_token(form_name)) {
++ goto output_page;
++ }
+
+ if (cgi_variable("full_view")) {
+ full_view = 1;
+ }
+
++output_page:
+ printf("<H2>%s</H2>\n", _("Current Config"));
+ printf("<form method=post>\n");
++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name);
+
+ if (full_view) {
+ printf("\n", _("Normal View"));
+@@ -637,18 +718,25 @@ static void viewconfig_page(void)
+ static void wizard_params_page(void)
+ {
+ unsigned int parm_filter = FLAG_WIZARD;
++ const char form_name[] = "wizard_params";
+
+ /* Here we first set and commit all the parameters that were selected
+ in the previous screen. */
+
+ printf("<H2>%s</H2>\n", _("Wizard Parameter Edit Page"));
+
++ if (!verify_xsrf_token(form_name)) {
++ goto output_page;
++ }
++
+ if (cgi_variable("Commit")) {
+ commit_parameters(GLOBAL_SECTION_SNUM);
+ save_reload(-1);
+ }
+
++output_page:
+ printf("