Merge branch 'branch-5.0' into release

author Richard Kettlewell <rjk@terraraq.org.uk>

Sun, 31 Jul 2011 16:07:14 +0000 (17:07 +0100)

committer Richard Kettlewell <rjk@terraraq.org.uk>

Sun, 31 Jul 2011 16:07:14 +0000 (17:07 +0100)
author Richard Kettlewell <rjk@terraraq.org.uk>
Sun, 31 Jul 2011 16:07:14 +0000 (17:07 +0100)
committer Richard Kettlewell <rjk@terraraq.org.uk>
Sun, 31 Jul 2011 16:07:14 +0000 (17:07 +0100)
diff --git a/CHANGES.html b/CHANGES.html

index 617f880..008cc87 100644 (file)
--- a/CHANGES.html
+++ b/CHANGES.html
@@ -68,6 +68,15 @@ span.command {
  <p>This file documents recent user-visible changes to <a
   href="http://www.greenend.org.uk/rjk/disorder/">DisOrder</a>.</p>
  
+<h2>Changes up to version 5.0.3</h2>
+
+<div class=section>
+
+<p><b>Security</b>: Local connections can no longer create and delete users
+unless they are properly authorized.</p>
+
+</div>
+
  <h2>Changes up to version 5.0.2</h2>
  
  <div class=section>
diff --git a/server/server.c b/server/server.c

index 858edbc..0ebfb4f 100644 (file)
--- a/server/server.c
+++ b/server/server.c
@@ -1855,12 +1855,12 @@ static const struct command {
     */
    rights_type rights;
  } commands[] = {
-  { "adduser",        2, 3,       c_adduser,        RIGHT_ADMIN|RIGHT__LOCAL },
+  { "adduser",        2, 3,       c_adduser,        RIGHT_ADMIN },
    { "adopt",          1, 1,       c_adopt,          RIGHT_PLAY },
    { "allfiles",       0, 2,       c_allfiles,       RIGHT_READ },
    { "confirm",        1, 1,       c_confirm,        0 },
    { "cookie",         1, 1,       c_cookie,         0 },
-  { "deluser",        1, 1,       c_deluser,        RIGHT_ADMIN|RIGHT__LOCAL },
+  { "deluser",        1, 1,       c_deluser,        RIGHT_ADMIN },
    { "dirs",           0, 2,       c_dirs,           RIGHT_READ },
    { "disable",        0, 1,       c_disable,        RIGHT_GLOBAL_PREFS },
    { "edituser",       3, 3,       c_edituser,       RIGHT_ADMIN|RIGHT_USERINFO },
@@ -1897,7 +1897,7 @@ static const struct command {
    { "random-enabled", 0, 0,       c_random_enabled, RIGHT_READ },
    { "recent",         0, 0,       c_recent,         RIGHT_READ },
    { "reconfigure",    0, 0,       c_reconfigure,    RIGHT_ADMIN },
-  { "register",       3, 3,       c_register,       RIGHT_REGISTER|RIGHT__LOCAL },
+  { "register",       3, 3,       c_register,       RIGHT_REGISTER },
    { "reminder",       1, 1,       c_reminder,       RIGHT__LOCAL },
    { "remove",         1, 1,       c_remove,         RIGHT_REMOVE__MASK },
    { "rescan",         0, INT_MAX, c_rescan,         RIGHT_RESCAN },
author	Richard Kettlewell <rjk@terraraq.org.uk>
	Sun, 31 Jul 2011 16:07:14 +0000 (17:07 +0100)
committer	Richard Kettlewell <rjk@terraraq.org.uk>
	Sun, 31 Jul 2011 16:07:14 +0000 (17:07 +0100)
CHANGES.html		patch \| blob \| blame \| history
server/server.c		patch \| blob \| blame \| history