Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Simplify the Basic Authentication implementation, removing the need for the strtok_r() library function. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
2e76b99f5ce5301c4cf82f06d069ec60 |
User & Date: | drh 2017-03-15 00:19:41.866 |
Context
2017-03-15
| ||
00:31 | added missing return type in login_basic_authentication() definition. ... (check-in: fd928b6e user: stephan tags: trunk) | |
00:19 | Simplify the Basic Authentication implementation, removing the need for the strtok_r() library function. ... (check-in: 2e76b99f user: drh tags: trunk) | |
2017-03-14
| ||
23:30 | Changed remaining regexps in test cases that match hashes to allow hashes to range from 40 to 64 hex digits. Added the same_uuid proc to the test harness to regularize comparing uuids. It is true if one is a prefix of the other. There are still regressions in the test suite, especially in amend.test, but this is progress. ... (check-in: 0541af5f user: rberteig tags: trunk) | |
Changes
Changes to src/login.c.
︙ | ︙ | |||
47 48 49 50 51 52 53 | # include <windows.h> /* for Sleep */ # if defined(__MINGW32__) || defined(_MSC_VER) # define sleep Sleep /* windows does not have sleep, but Sleep */ # endif #endif #include <time.h> | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | 47 48 49 50 51 52 53 54 55 56 57 58 59 60 | # include <windows.h> /* for Sleep */ # if defined(__MINGW32__) || defined(_MSC_VER) # define sleep Sleep /* windows does not have sleep, but Sleep */ # endif #endif #include <time.h> /* ** Return the login-group name. Or return 0 if this repository is ** not a member of a login-group. */ const char *login_group_name(void){ static const char *zGroup = 0; |
︙ | ︙ | |||
883 884 885 886 887 888 889 890 891 892 893 894 895 896 | int login_wants_https_redirect(void){ if( g.sslNotAvailable ) return 0; if( db_get_boolean("redirect-to-https",0)==0 ) return 0; if( P("HTTPS")!=0 ) return 0; return 1; } /* ** This routine examines the login cookie to see if it exists and ** is valid. If the login cookie checks out, it then sets global ** variables appropriately. ** ** g.userUid Database USER.UID value. Might be -1 for "nobody" ** g.zLogin Database USER.LOGIN value. NULL for user "nobody" | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 | int login_wants_https_redirect(void){ if( g.sslNotAvailable ) return 0; if( db_get_boolean("redirect-to-https",0)==0 ) return 0; if( P("HTTPS")!=0 ) return 0; return 1; } /* ** Attempt to use Basic Authentication to establish the user. Return the ** (non-zero) uid if successful. Return 0 if it does not work. */ static logic_basic_authentication(const char *zIpAddr){ const char *zAuth = PD("HTTP_AUTHORIZATION", 0); int i; int uid = 0; int nDecode = 0; char *zDecode = 0; const char *zUsername = 0; const char *zPasswd = 0; if( zAuth==0 ) return 0; /* Fail: No Authentication: header */ while( fossil_isspace(zAuth[0]) ) zAuth++; /* Skip leading whitespace */ if( strncmp(zAuth, "Basic ", 6)!=0 ) return 0; /* Fail: Not Basic Authentication */ /* Parse out the username and password, separated by a ":" */ zAuth += 6; while( fossil_isspace(zAuth[0]) ) zAuth++; zDecode = decode64(zAuth, &nDecode); for(i=0; zDecode[i] && zDecode[i]!=':'; i++){} if( zDecode[i] ){ zDecode[i] = 0; zUsername = zDecode; zPasswd = &zDecode[i+1]; /* Attempting to log in as the user provided by HTTP ** basic auth */ uid = login_search_uid(zUsername, zPasswd); if( uid>0 ){ record_login_attempt(zUsername, zIpAddr, 1); }else{ record_login_attempt(zUsername, zIpAddr, 0); /* The user attempted to login specifically with HTTP basic ** auth, but provided invalid credentials. Inform them of ** the failed login attempt via 401. */ cgi_set_status(401, "Unauthorized"); cgi_reply(); fossil_exit(0); } } fossil_free(zDecode); return uid; } /* ** This routine examines the login cookie to see if it exists and ** is valid. If the login cookie checks out, it then sets global ** variables appropriately. ** ** g.userUid Database USER.UID value. Might be -1 for "nobody" ** g.zLogin Database USER.LOGIN value. NULL for user "nobody" |
︙ | ︙ | |||
1008 1009 1010 1011 1012 1013 1014 | } } /* If the request didn't provide a login cookie or the login cookie didn't ** match a known valid user, check the HTTP "Authorization" header and ** see if those credentials are valid for a known user. */ | < < < < < < | < < | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 | } } /* If the request didn't provide a login cookie or the login cookie didn't ** match a known valid user, check the HTTP "Authorization" header and ** see if those credentials are valid for a known user. */ if( uid==0 && db_get_boolean("http_authentication_ok",0) ){ uid = logic_basic_authentication(zIpAddr); } /* If no user found yet, try to log in as "nobody" */ if( uid==0 ){ uid = db_int(0, "SELECT uid FROM user WHERE login='nobody'"); if( uid==0 ){ /* If there is no user "nobody", then make one up - with no privileges */ |
︙ | ︙ |