From: Richard Kettlewell Date: Sun, 31 Jul 2011 16:16:46 +0000 (+0100) Subject: Merge remote-tracking branch 'origin/branch-5.0' X-Git-Tag: branchpoint-5.1~33 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/commitdiff_plain/feda7bfaefd9e5fb705d6893f26428a3109e7226?hp=0c3b38f7de9d4441c41c7af18e7b7863ad730088 Merge remote-tracking branch 'origin/branch-5.0' Conflicts: CHANGES.html --- diff --git a/CHANGES.html b/CHANGES.html index 65f10ae..75a9ef4 100644 --- a/CHANGES.html +++ b/CHANGES.html @@ -74,6 +74,15 @@ href="README.upgrades.html">README.upgrades before upgrading.

+

Changes up to version 5.0.3

+ +
+ +

Security: Local connections can no longer create and delete users +unless they are properly authorized.

+ +
+

Changes up to version 5.0.2

diff --git a/server/server.c b/server/server.c index c09b044..53a351b 100644 --- a/server/server.c +++ b/server/server.c @@ -1865,12 +1865,12 @@ static const struct command { */ rights_type rights; } commands[] = { - { "adduser", 2, 3, c_adduser, RIGHT_ADMIN|RIGHT__LOCAL }, + { "adduser", 2, 3, c_adduser, RIGHT_ADMIN }, { "adopt", 1, 1, c_adopt, RIGHT_PLAY }, { "allfiles", 0, 2, c_allfiles, RIGHT_READ }, { "confirm", 1, 1, c_confirm, 0 }, { "cookie", 1, 1, c_cookie, 0 }, - { "deluser", 1, 1, c_deluser, RIGHT_ADMIN|RIGHT__LOCAL }, + { "deluser", 1, 1, c_deluser, RIGHT_ADMIN }, { "dirs", 0, 2, c_dirs, RIGHT_READ }, { "disable", 0, 1, c_disable, RIGHT_GLOBAL_PREFS }, { "edituser", 3, 3, c_edituser, RIGHT_ADMIN|RIGHT_USERINFO }, @@ -1907,7 +1907,7 @@ static const struct command { { "random-enabled", 0, 0, c_random_enabled, RIGHT_READ }, { "recent", 0, 0, c_recent, RIGHT_READ }, { "reconfigure", 0, 0, c_reconfigure, RIGHT_ADMIN }, - { "register", 3, 3, c_register, RIGHT_REGISTER|RIGHT__LOCAL }, + { "register", 3, 3, c_register, RIGHT_REGISTER }, { "reminder", 1, 1, c_reminder, RIGHT__LOCAL }, { "remove", 1, 1, c_remove, RIGHT_REMOVE__MASK }, { "rescan", 0, INT_MAX, c_rescan, RIGHT_RESCAN },