Merge remote-tracking branch 'origin/branch-5.0'

author Richard Kettlewell <rjk@terraraq.org.uk>

Sun, 31 Jul 2011 16:16:46 +0000 (17:16 +0100)

committer Richard Kettlewell <rjk@terraraq.org.uk>

Sun, 31 Jul 2011 16:16:46 +0000 (17:16 +0100)
author Richard Kettlewell <rjk@terraraq.org.uk>
Sun, 31 Jul 2011 16:16:46 +0000 (17:16 +0100)
committer Richard Kettlewell <rjk@terraraq.org.uk>
Sun, 31 Jul 2011 16:16:46 +0000 (17:16 +0100)
diff --git a/CHANGES.html b/CHANGES.html

index 65f10ae9576bcc877088f4d340d9f9a5116c9136..75a9ef48d3d2dd6f0beac5ea0269820ddf0dfc47 100644 (file)
--- a/CHANGES.html
+++ b/CHANGES.html
@@ -74,6 +74,15 @@ href="README.upgrades.html">README.upgrades</a> before upgrading.</p>
  
  </div>
  
+<h2>Changes up to version 5.0.3</h2>
+
+<div class=section>
+
+<p><b>Security</b>: Local connections can no longer create and delete users
+unless they are properly authorized.</p>
+
+</div>
+
  <h2>Changes up to version 5.0.2</h2>
  
  <div class=section>
diff --git a/server/server.c b/server/server.c

index c09b0445f128abffebd949b44173fc8930ea8bfe..53a351bc455c181981f6150ba9ff557a95eb134a 100644 (file)
--- a/server/server.c
+++ b/server/server.c
@@ -1865,12 +1865,12 @@ static const struct command {
     */
    rights_type rights;
  } commands[] = {
-  { "adduser",        2, 3,       c_adduser,        RIGHT_ADMIN|RIGHT__LOCAL },
+  { "adduser",        2, 3,       c_adduser,        RIGHT_ADMIN },
    { "adopt",          1, 1,       c_adopt,          RIGHT_PLAY },
    { "allfiles",       0, 2,       c_allfiles,       RIGHT_READ },
    { "confirm",        1, 1,       c_confirm,        0 },
    { "cookie",         1, 1,       c_cookie,         0 },
-  { "deluser",        1, 1,       c_deluser,        RIGHT_ADMIN|RIGHT__LOCAL },
+  { "deluser",        1, 1,       c_deluser,        RIGHT_ADMIN },
    { "dirs",           0, 2,       c_dirs,           RIGHT_READ },
    { "disable",        0, 1,       c_disable,        RIGHT_GLOBAL_PREFS },
    { "edituser",       3, 3,       c_edituser,       RIGHT_ADMIN|RIGHT_USERINFO },
@@ -1907,7 +1907,7 @@ static const struct command {
    { "random-enabled", 0, 0,       c_random_enabled, RIGHT_READ },
    { "recent",         0, 0,       c_recent,         RIGHT_READ },
    { "reconfigure",    0, 0,       c_reconfigure,    RIGHT_ADMIN },
-  { "register",       3, 3,       c_register,       RIGHT_REGISTER|RIGHT__LOCAL },
+  { "register",       3, 3,       c_register,       RIGHT_REGISTER },
    { "reminder",       1, 1,       c_reminder,       RIGHT__LOCAL },
    { "remove",         1, 1,       c_remove,         RIGHT_REMOVE__MASK },
    { "rescan",         0, INT_MAX, c_rescan,         RIGHT_RESCAN },
author	Richard Kettlewell <rjk@terraraq.org.uk>
	Sun, 31 Jul 2011 16:16:46 +0000 (17:16 +0100)
committer	Richard Kettlewell <rjk@terraraq.org.uk>
	Sun, 31 Jul 2011 16:16:46 +0000 (17:16 +0100)
CHANGES.html		patch \| blob \| blame \| history
server/server.c		patch \| blob \| blame \| history