SECURITY: server: don't allow local connections to adduser/deluser.

author Richard Kettlewell <rjk@terraraq.org.uk>

Sun, 31 Jul 2011 15:55:51 +0000 (16:55 +0100)

committer Richard Kettlewell <rjk@terraraq.org.uk>

Sun, 31 Jul 2011 15:55:51 +0000 (16:55 +0100)
author Richard Kettlewell <rjk@terraraq.org.uk>
Sun, 31 Jul 2011 15:55:51 +0000 (16:55 +0100)
committer Richard Kettlewell <rjk@terraraq.org.uk>
Sun, 31 Jul 2011 15:55:51 +0000 (16:55 +0100)
diff --git a/server/server.c b/server/server.c

index 858edbc9d2da531516903aa3a77bd2ac08170cd5..0ebfb4f0782fb8c4d5d8f91184928a4eb6606c5b 100644 (file)
--- a/server/server.c
+++ b/server/server.c
@@ -1855,12 +1855,12 @@ static const struct command {
     */
    rights_type rights;
  } commands[] = {
     */
    rights_type rights;
  } commands[] = {
-  { "adduser",        2, 3,       c_adduser,        RIGHT_ADMIN|RIGHT__LOCAL },
+  { "adduser",        2, 3,       c_adduser,        RIGHT_ADMIN },
    { "adopt",          1, 1,       c_adopt,          RIGHT_PLAY },
    { "allfiles",       0, 2,       c_allfiles,       RIGHT_READ },
    { "confirm",        1, 1,       c_confirm,        0 },
    { "cookie",         1, 1,       c_cookie,         0 },
    { "adopt",          1, 1,       c_adopt,          RIGHT_PLAY },
    { "allfiles",       0, 2,       c_allfiles,       RIGHT_READ },
    { "confirm",        1, 1,       c_confirm,        0 },
    { "cookie",         1, 1,       c_cookie,         0 },
-  { "deluser",        1, 1,       c_deluser,        RIGHT_ADMIN|RIGHT__LOCAL },
+  { "deluser",        1, 1,       c_deluser,        RIGHT_ADMIN },
    { "dirs",           0, 2,       c_dirs,           RIGHT_READ },
    { "disable",        0, 1,       c_disable,        RIGHT_GLOBAL_PREFS },
    { "edituser",       3, 3,       c_edituser,       RIGHT_ADMIN|RIGHT_USERINFO },
    { "dirs",           0, 2,       c_dirs,           RIGHT_READ },
    { "disable",        0, 1,       c_disable,        RIGHT_GLOBAL_PREFS },
    { "edituser",       3, 3,       c_edituser,       RIGHT_ADMIN|RIGHT_USERINFO },
@@ -1897,7 +1897,7 @@ static const struct command {
    { "random-enabled", 0, 0,       c_random_enabled, RIGHT_READ },
    { "recent",         0, 0,       c_recent,         RIGHT_READ },
    { "reconfigure",    0, 0,       c_reconfigure,    RIGHT_ADMIN },
    { "random-enabled", 0, 0,       c_random_enabled, RIGHT_READ },
    { "recent",         0, 0,       c_recent,         RIGHT_READ },
    { "reconfigure",    0, 0,       c_reconfigure,    RIGHT_ADMIN },
-  { "register",       3, 3,       c_register,       RIGHT_REGISTER|RIGHT__LOCAL },
+  { "register",       3, 3,       c_register,       RIGHT_REGISTER },
    { "reminder",       1, 1,       c_reminder,       RIGHT__LOCAL },
    { "remove",         1, 1,       c_remove,         RIGHT_REMOVE__MASK },
    { "rescan",         0, INT_MAX, c_rescan,         RIGHT_RESCAN },
    { "reminder",       1, 1,       c_reminder,       RIGHT__LOCAL },
    { "remove",         1, 1,       c_remove,         RIGHT_REMOVE__MASK },
    { "rescan",         0, INT_MAX, c_rescan,         RIGHT_RESCAN },
author	Richard Kettlewell <rjk@terraraq.org.uk>
	Sun, 31 Jul 2011 15:55:51 +0000 (16:55 +0100)
committer	Richard Kettlewell <rjk@terraraq.org.uk>
	Sun, 31 Jul 2011 15:55:51 +0000 (16:55 +0100)