| commit | 589bc35590aebfdd20fe786c08005bb43ef47d94 | |
| author | Kai Blin <kai@samba.org> | |
| Tue, 12 Jul 2011 06:08:24 +0000 (12 08:08 +0200) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Tue, 26 Jul 2011 19:17:22 +0000 (26 21:17 +0200) | ||
| tree | 7b78aea471dfb7d2ac13788ffe32e6b227f30539 | treesnapshot (tar.gz zip) |
| parent | fb0d393a1972c28ecd6e49959c8c5b7900e1b574 | commitdiff |
s3 swat: Create random nonce in CGI mode
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Signed-off-by: Kai Blin <kai@samba.org>
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Signed-off-by: Kai Blin <kai@samba.org>
| source3/web/cgi.c | diffblobblamehistory |