Author Topic: Testing build #219  (Read 14215 times)

0 Members and 1 Guest are viewing this topic.

Offline rejetto

  • Administrator
  • Insane programmer
  • *
  • Posts: 12814
  • Country: it
    • View Profile
Testing build #219
« on: January 17, 2009, 07:45:36 AM »
NOTICE: this includes an important security fix.

download @ www.dovedove.it/hfs/hfs219.exe

what's new
+ easier way to restore options after "temporarily reset options"
- big security problem only for Win95/98/ME (not others): directory crossing www.rejetto.com/forum/?topic=6542
- {.mime.} was not working
- file properties: "add new" icon was enabled for root

Offline luckman212

  • Regular poster
  • **
  • Posts: 28
    • View Profile
Re: Testing build #219
« Reply #1 on: January 17, 2009, 11:11:17 AM »
cheers!  thank you!!   ;D
also, this bug is still not fixed:
http://www.rejetto.com/forum/index.php?topic=6484.msg1039325#msg1039325

Offline maverick

  • Insane poster
  • *****
  • Posts: 1052
  • Computer Solutions
    • View Profile
Re: Testing build #219
« Reply #2 on: January 17, 2009, 01:30:41 PM »
also, this bug is still not fixed:
http://www.rejetto.com/forum/index.php?topic=6484.msg1039325#msg1039325

1.  I confirm the default template error - builds 218, 219 (maybe older builds too)
2.  It happens when the [upload-success] section is triggered
« Last Edit: January 20, 2009, 07:41:11 PM by maverick »
maverick

Offline Kremlin

  • Tireless poster
  • ****
  • Posts: 137
    • View Profile
Re: Testing build #219
« Reply #3 on: January 20, 2009, 05:14:34 PM »
Hi, it was I that actually reported this bug http://www.rejetto.com/forum/index.php?topic=6508.0 and just wanted to know if you were refering to 219 or 220  :)
Posted on: 20 January 2009, 23:30:11
I'm talking about a diferent bug report (the one in the link i pasted), and was asking rejetto about his response in it   ;)

Offline luckman212

  • Regular poster
  • **
  • Posts: 28
    • View Profile
Re: Testing build #219
« Reply #4 on: January 20, 2009, 06:16:47 PM »
I was talking about build #219
Is there a 220 available?
I was not aware of it.
 :o

Offline Kremlin

  • Tireless poster
  • ****
  • Posts: 137
    • View Profile
Re: Testing build #219
« Reply #5 on: January 20, 2009, 07:58:48 PM »
220 is not yet released otherwise it would be available here in its apropriate place. If you read the linked topic you will unterstand that i was refering to the release 219 or the 220 yet to come.

Offline luca69

  • Experienced poster
  • ***
  • Posts: 95
    • View Profile
Re: Testing build #219
« Reply #6 on: January 22, 2009, 04:53:51 AM »
Installed 219.
I noticed that a group can be used as account as well, but without any password!

Moreover, the same user name can be specified into the user list more than once
Life is what happens to you while you are busy making other plans

Offline maverick

  • Insane poster
  • *****
  • Posts: 1052
  • Computer Solutions
    • View Profile
Re: Testing build #219
« Reply #7 on: January 22, 2009, 07:10:35 AM »
I noticed that a group can be used as account as well, but without any password!

HFS will prevent anyone from loggin in with a group name

Quote
Moreover, the same user name can be specified into the user list more than once

That user would be a member of more than one group.  Here is more information about user groups from the wiki -> http://www.rejetto.com/wiki/index.php/User_groups
maverick

Offline Ranger

  • Tireless poster
  • ****
  • Posts: 115
    • View Profile
Re: Testing build #219
« Reply #8 on: January 22, 2009, 07:27:36 AM »
I noticed that a group can be used as account as well, but without any password!

HFS will prevent anyone from loggin in with a group name

Actually I just tested logging in with a group name and it works. The login button disappears. However no new folders appear that this group should see, but they now have access to a folder your not supposed to until you login. 

Offline maverick

  • Insane poster
  • *****
  • Posts: 1052
  • Computer Solutions
    • View Profile
Re: Testing build #219
« Reply #9 on: January 22, 2009, 08:03:30 AM »
I noticed that a group can be used as account as well, but without any password!

HFS will prevent anyone from loggin in with a group name

Actually I just tested logging in with a group name and it works. The login button disappears. However no new folders appear that this group should see, but they now have access to a folder your not supposed to until you login. 

I just tried logging in with a group name and it wasn't successful.  How did you login?  What password did you use at loggin?  (no password is set up for a group name so there is nothing valid you can put in the password field).   The login fails.

You must have logged in with a valid user name & password then by the way that account was set up after login redirected to a group which is the way it would work.  But that's not what is being talked about here.
maverick

Offline Mars

  • Operator
  • Insane poster
  • *****
  • Posts: 1776
    • View Profile
Re: Testing build #219
« Reply #10 on: January 22, 2009, 08:56:19 AM »
Quote
I noticed that a group can be used as account as well, but without any password!
TRUE

Quote
HFS will prevent anyone from loggin in with a group name
FALSE

a)create an account with no password

b)Attribute the rights of access for a directory for this account only

c)convert this account as a group

d) you can go in the folder with the account(group) name and blank password

e) if you uncheck the group for this account, give it a password , and convert it as group

f) password box is masked
(don't forget to save every time :D )

f) you can now go in the folder with the group name and the new password ( leave blank and you can't log)


optionsdlg.pas
Quote
function ToptionsFrm.saveAccountProperties():boolean;
...
a:=@tempAccounts[lastAccountSelected];
a.enabled:=accountEnabledChk.checked;
a.pwd:=pwdBox.Text;
a.noLimits:=ignoreLimitsChk.checked;
a.redir:=redirBox.Text;
a.link:=split(';', trim(accountLinkBox.text));
a.group:=groupChk.Checked;
uniqueStrings(a.link);
result:=TRUE;
accountsBox.invalidate();
end; // saveAccountProperties

a.pwd:=pwdBox.Text;

   the password is saving every time you save an account, when you change an account to a group , the old password is not cleared. :)


sorry maverick, but I agree the other man  ;)

Offline Ranger

  • Tireless poster
  • ****
  • Posts: 115
    • View Profile
Re: Testing build #219
« Reply #11 on: January 22, 2009, 09:39:33 AM »
Thanks Mars, followed your steps and group login isn't a problem anymore.

Offline maverick

  • Insane poster
  • *****
  • Posts: 1052
  • Computer Solutions
    • View Profile
Re: Testing build #219
« Reply #12 on: January 22, 2009, 12:18:11 PM »
Quote
HFS will prevent anyone from loggin in with a group name
FALSE

Those words are from rejetto.
http://www.rejetto.com/forum/index.php?PHPSESSID=d2f5aeuucksujmgplin9q6aub2&topic=6198.msg1037132#msg1037132

Quote
a)create an account with no password

b)Attribute the rights of access for a directory for this account only

c)convert this account as a group

d) you can go in the folder with the account(group) name and blank password

e) if you uncheck the group for this account, give it a password , and convert it as group

f) password box is masked
(don't forget to save every time :D )

f) you can now go in the folder with the group name and the new password ( leave blank and you can't log)

optionsdlg.pas

function ToptionsFrm.saveAccountProperties():boolean;
...
a:=@tempAccounts[lastAccountSelected];
a.enabled:=accountEnabledChk.checked;
a.pwd:=pwdBox.Text;
a.noLimits:=ignoreLimitsChk.checked;
a.redir:=redirBox.Text;
a.link:=split(';', trim(accountLinkBox.text));
a.group:=groupChk.Checked;
uniqueStrings(a.link);
result:=TRUE;
accountsBox.invalidate();
end; // saveAccountProperties

a.pwd:=pwdBox.Text;

   the password is saving every time you save an account, when you change an account to a group , the old password is not cleared. :)
sorry maverick, but I agree the other man  ;)

I'm going to have to study this.  Is this the expected procedure and behavior or is what you are saying to me is a bug. ???

maverick

Offline Mars

  • Operator
  • Insane poster
  • *****
  • Posts: 1776
    • View Profile
Re: Testing build #219
« Reply #13 on: January 22, 2009, 12:41:57 PM »
I'm creating a "group" checkbox, so that you tell HFS you mean to use that account as a group.
This way
1. you won't need to enter an impossible password, HFS will prevent anyone from loggin in with the group name
2. i can create some GUI facilities for groups only

You are right but as it is not a bug, I would say rather that it is an important neglect of rejetto concerning the functioning of hfs :D
« Last Edit: January 22, 2009, 12:46:08 PM by mars »

Offline rejetto

  • Administrator
  • Insane programmer
  • *
  • Posts: 12814
  • Country: it
    • View Profile
Re: Testing build #219
« Reply #14 on: January 23, 2009, 07:13:40 AM »
Hi, it was I that actually reported this bug http://www.rejetto.com/forum/index.php?topic=6508.0 and just wanted to know if you were refering to 219 or 220  :)

you can see my post is dated 2 days after the publishing of this build, so NO, this is not your build ;)