Fossil

Check-in [2b5b7181]

Overview
Comment: Adds the obscure() shell function, exposing an internal mechanism without which you cannot programmatically set the user's sync password or HTTP auth creds. The existing mechanisms assume you can type into the console. Effectively, this gives us "fossil user pass" equivalents for these other password-like values.
SHA3-256: 2b5b7181a8a4d361b6bfffb8bd1c5bd596ab4a9134ca87587f2feb4bff5a3e41
User & Date: wyoung 2020-06-26 18:52:12.379
Context
2020-06-27
14:48
Add the obscure() shell function. Corresponding unobscure() is not provided. ... (check-in: f7e572b0 user: drh tags: trunk)
2020-06-26
18:52
Adds the obscure() shell function, exposing an internal mechanism without which you cannot programmatically set the user's sync password or HTTP auth creds. The existing mechanisms assume you can type into the console. Effectively, this gives us "fossil user pass" equivalents for these other password-like values. ... (Closed-Leaf check-in: 2b5b7181 user: wyoung tags: obscure-shell-function)
2020-06-25
13:32
Add a link to the built-in help to the permuted documentation index. ... (check-in: db90281c user: drh tags: trunk)
Changes
Changes to src/db.c.
1020
1021
1022
1023
1024
1025
1026



































1027
1028
1029
1030
1031
1032
1033
  if( zOut==0 ){
    sqlite3_result_error_nomem(context);
    return;
  }
  decode16(zIn, zOut, nIn);
  sqlite3_result_blob(context, zOut, nIn/2, sqlite3_free);
}




































/*
** Register the SQL functions that are useful both to the internal
** representation and to the "fossil sql" command.
*/
void db_add_aux_functions(sqlite3 *db){
  sqlite3_create_function(db, "checkin_mtime", 2, SQLITE_UTF8, 0,







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
  if( zOut==0 ){
    sqlite3_result_error_nomem(context);
    return;
  }
  decode16(zIn, zOut, nIn);
  sqlite3_result_blob(context, zOut, nIn/2, sqlite3_free);
}

/*
** Return the XOR-obscured version of the input text.  Useful for
** updating authentication strings in Fossil settings.  To change
** the password locally stored for sync, for instance:
**
**    echo "UPDATE config
**        SET value = obscure('monkey123')
**        WHERE name = 'last-sync-pw'" |
**      fossil sql
**
** Note that user.pw uses a different obscuration algorithm, but
** you don't need to use 'fossil sql' for that anyway.  Just call
**
**    fossil user pass monkey123
**
** to change the local user entry's password in the same way.
*/
void db_obscure(
  sqlite3_context *context,
  int argc,
  sqlite3_value **argv
){
  const unsigned char *zIn = sqlite3_value_text(argv[0]);
  int nIn = sqlite3_value_bytes(argv[0]);
  char *zOut, *zTemp;
  if( 0==zIn ) return;
  if( 0==(zOut = sqlite3_malloc64( nIn * 2 + 3 )) ){
    sqlite3_result_error_nomem(context);
    return;
  }
  strcpy(zOut, zTemp = obscure((char*)zIn));
  fossil_free(zTemp);
  sqlite3_result_text(context, zOut, strlen(zOut), sqlite3_free);
}

/*
** Register the SQL functions that are useful both to the internal
** representation and to the "fossil sql" command.
*/
void db_add_aux_functions(sqlite3 *db){
  sqlite3_create_function(db, "checkin_mtime", 2, SQLITE_UTF8, 0,
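Review bot: In db_obscure() the output buffer is sized as `nIn * 2 + 3` and then filled with `strcpy(zOut, zTemp = obscure((char*)zIn))`, so the copy is only safe if obscure() never returns more than nIn*2+2 characters, and nothing in this function checks that. The value returned by obscure() is already a heap string (it is released with fossil_free()), so the second allocation and the strcpy can be dropped: pass zTemp to sqlite3_result_text() with length -1 and SQLITE_TRANSIENT, then call fossil_free(zTemp). If the copy stays, size the buffer from strlen(zTemp) instead of from nIn, and note that `nIn * 2 + 3` is evaluated as int before it reaches sqlite3_malloc64(). The argc parameter is unused, and the header comment should say plainly that the result is XOR obfuscation that can be reversed, not encryption, so nobody treats a stored value as protected.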
1048
1049
1050
1051
1052
1053
1054


1055
1056
1057
1058
1059
1060
1061
                          0, capability_union_step, capability_union_finalize);
  sqlite3_create_function(db, "fullcap", 1, SQLITE_UTF8, 0,
                          capability_fullcap, 0, 0);
  sqlite3_create_function(db, "find_emailaddr", 1, SQLITE_UTF8, 0,
                          alert_find_emailaddr_func, 0, 0);
  sqlite3_create_function(db, "display_name", 1, SQLITE_UTF8, 0,
                          alert_display_name_func, 0, 0);


}

#if USE_SEE
/*
** This is a pointer to the saved database encryption key string.
*/
static char *zSavedKey = 0;







>
>







1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
                          0, capability_union_step, capability_union_finalize);
  sqlite3_create_function(db, "fullcap", 1, SQLITE_UTF8, 0,
                          capability_fullcap, 0, 0);
  sqlite3_create_function(db, "find_emailaddr", 1, SQLITE_UTF8, 0,
                          alert_find_emailaddr_func, 0, 0);
  sqlite3_create_function(db, "display_name", 1, SQLITE_UTF8, 0,
                          alert_display_name_func, 0, 0);
  sqlite3_create_function(db, "obscure", 1, SQLITE_UTF8, 0,
                          db_obscure, 0, 0);
}

#if USE_SEE
/*
** This is a pointer to the saved database encryption key string.
*/
static char *zSavedKey = 0;
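Review bot: The `sqlite3_create_function(db, "obscure", 1, SQLITE_UTF8, 0, db_obscure, 0, 0)` call added at the end of db_add_aux_functions() makes obscure() available on every connection that registers these auxiliary functions, yet the only documentation is the source comment above db_obscure(). Since the stated purpose is scripted use through "fossil sql", the function should also be described in the user-facing help for that command, along with which config entries expect an obscured value (the source comment names only last-sync-pw). A test that calls obscure() through "fossil sql" and checks that the stored value is accepted on the next sync would keep this registration from regressing.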