Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix an issue with inherited capabilities in the subrepo mechanism. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
3bd2de4c92f8f00f1651edbf83615e16 |
| User & Date: | drh 2011-05-09 12:44:38 |
Context
|
2011-05-09
| ||
| 12:55 | Use a combination of $HOMEDRIVE$HOMEPATH instead of just $HOMEPATH when searching for the home directory on windows. Ticket [44002a7760cf5406] (check-in: 3715b5d2 user: drh tags: trunk) | |
| 12:44 | Fix an issue with inherited capabilities in the subrepo mechanism. (check-in: 3bd2de4c user: drh tags: trunk) | |
| 12:26 | Add lines describing the login to the /test_env page. (check-in: c53fbe5d user: drh tags: trunk) | |
Changes
Changes to src/login.c.
678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 ... 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 ... 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 ... 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 |
*/
g.userUid = uid;
if( fossil_strcmp(g.zLogin,"nobody")==0 ){
g.zLogin = 0;
}
/* Set the capabilities */
login_set_capabilities(zCap);
login_set_anon_nobody_capabilities();
}
/*
** Memory of settings
*/
static int login_anon_once = 1;
................................................................................
** for the user g.zLogin.
*/
void login_set_anon_nobody_capabilities(void){
if( g.zLogin && login_anon_once ){
const char *zCap;
/* All logged-in users inherit privileges from "nobody" */
zCap = db_text("", "SELECT cap FROM user WHERE login = 'nobody'");
login_set_capabilities(zCap);
if( fossil_strcmp(g.zLogin, "nobody")!=0 ){
/* All logged-in users inherit privileges from "anonymous" */
zCap = db_text("", "SELECT cap FROM user WHERE login = 'anonymous'");
login_set_capabilities(zCap);
}
login_anon_once = 0;
}
}
/*
** Set the global capability flags based on a capability string.
*/
void login_set_capabilities(const char *zCap){
static char *zDev = 0;
static char *zUser = 0;
int i;
for(i=0; zCap[i]; i++){
switch( zCap[i] ){
case 's': g.okSetup = 1; /* Fall thru into Admin */
case 'a': g.okAdmin = g.okRdTkt = g.okWrTkt = g.okZip =
g.okRdWiki = g.okWrWiki = g.okNewWiki =
g.okApndWiki = g.okHistory = g.okClone =
................................................................................
case 't': g.okTktFmt = 1; break;
case 'b': g.okAttach = 1; break;
case 'x': g.okPrivate = 1; break;
/* The "u" privileges is a little different. It recursively
** inherits all privileges of the user named "reader" */
case 'u': {
if( zUser==0 ){
zUser = db_text("", "SELECT cap FROM user WHERE login='reader'");
login_set_capabilities(zUser);
}
break;
}
/* The "v" privileges is a little different. It recursively
** inherits all privileges of the user named "developer" */
case 'v': {
if( zDev==0 ){
zDev = db_text("", "SELECT cap FROM user WHERE login='developer'");
login_set_capabilities(zDev);
}
break;
}
}
}
}
................................................................................
if( g.userUid ){
zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", g.userUid);
}
if( fossil_strcmp(zUser,"nobody")==0 ) zUser = 0;
g.zLogin = fossil_strdup(zUser);
/* Set the capabilities */
login_set_capabilities(zCap);
login_anon_once = 1;
login_set_anon_nobody_capabilities();
}
/*
** Call this routine when the credential check fails. It causes
** a redirect to the "login" page.
|
| | | > > > > > > > > | < < | > | | > | | |
678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 ... 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 ... 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 ... 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 |
*/
g.userUid = uid;
if( fossil_strcmp(g.zLogin,"nobody")==0 ){
g.zLogin = 0;
}
/* Set the capabilities */
login_set_capabilities(zCap, 0);
login_set_anon_nobody_capabilities();
}
/*
** Memory of settings
*/
static int login_anon_once = 1;
................................................................................
** for the user g.zLogin.
*/
void login_set_anon_nobody_capabilities(void){
if( g.zLogin && login_anon_once ){
const char *zCap;
/* All logged-in users inherit privileges from "nobody" */
zCap = db_text("", "SELECT cap FROM user WHERE login = 'nobody'");
login_set_capabilities(zCap, 0);
if( fossil_strcmp(g.zLogin, "nobody")!=0 ){
/* All logged-in users inherit privileges from "anonymous" */
zCap = db_text("", "SELECT cap FROM user WHERE login = 'anonymous'");
login_set_capabilities(zCap, 0);
}
login_anon_once = 0;
}
}
/*
** Flags passed into the 2nd argument of login_set_capabilities().
*/
#if INTERFACE
#define LOGIN_IGNORE_U 0x01 /* Ignore "u" */
#define LOGIN_IGNORE_V 0x01 /* Ignore "v" */
#endif
/*
** Set the global capability flags based on a capability string.
*/
void login_set_capabilities(const char *zCap, unsigned flags){
int i;
for(i=0; zCap[i]; i++){
switch( zCap[i] ){
case 's': g.okSetup = 1; /* Fall thru into Admin */
case 'a': g.okAdmin = g.okRdTkt = g.okWrTkt = g.okZip =
g.okRdWiki = g.okWrWiki = g.okNewWiki =
g.okApndWiki = g.okHistory = g.okClone =
................................................................................
case 't': g.okTktFmt = 1; break;
case 'b': g.okAttach = 1; break;
case 'x': g.okPrivate = 1; break;
/* The "u" privileges is a little different. It recursively
** inherits all privileges of the user named "reader" */
case 'u': {
if( (flags & LOGIN_IGNORE_U)==0 ){
const char *zUser;
zUser = db_text("", "SELECT cap FROM user WHERE login='reader'");
login_set_capabilities(zUser, flags | LOGIN_IGNORE_U);
}
break;
}
/* The "v" privileges is a little different. It recursively
** inherits all privileges of the user named "developer" */
case 'v': {
if( (flags & LOGIN_IGNORE_V)==0 ){
const char *zDev;
zDev = db_text("", "SELECT cap FROM user WHERE login='developer'");
login_set_capabilities(zDev, flags | LOGIN_IGNORE_V);
}
break;
}
}
}
}
................................................................................
if( g.userUid ){
zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", g.userUid);
}
if( fossil_strcmp(zUser,"nobody")==0 ) zUser = 0;
g.zLogin = fossil_strdup(zUser);
/* Set the capabilities */
login_set_capabilities(zCap, 0);
login_anon_once = 1;
login_set_anon_nobody_capabilities();
}
/*
** Call this routine when the credential check fails. It causes
** a redirect to the "login" page.
|
Changes to src/main.c.
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
....
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
|
for(jj=0; zAltRepo[jj] && zAltRepo[jj]!=':'; jj++){}
if( zAltRepo[jj]==':' ){
zAltRepo[jj] = 0;
zAltRepo += jj+1;
}else{
zUser = "nobody";
}
if( zAltRepo[0]!='/' ){
zAltRepo = mprintf("%s/../%s", g.zRepositoryName, zAltRepo);
file_simplify_name(zAltRepo, -1);
}
db_close(1);
db_open_repository(zAltRepo);
login_as_user(zUser);
................................................................................
/*
** Note that the following command is used by ssh:// processing.
**
** COMMAND: test-http
** Works like the http command but gives setup permission to all users.
*/
void cmd_test_http(void){
login_set_capabilities("s");
g.httpIn = stdin;
g.httpOut = stdout;
find_server_repository(0);
g.cgiOutput = 1;
g.fullHttpReply = 1;
cgi_handle_http_request(0);
process_one_web_page(0);
|
>
|
|
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
....
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
|
for(jj=0; zAltRepo[jj] && zAltRepo[jj]!=':'; jj++){}
if( zAltRepo[jj]==':' ){
zAltRepo[jj] = 0;
zAltRepo += jj+1;
}else{
zUser = "nobody";
}
if( g.zLogin==0 ) zUser = "nobody";
if( zAltRepo[0]!='/' ){
zAltRepo = mprintf("%s/../%s", g.zRepositoryName, zAltRepo);
file_simplify_name(zAltRepo, -1);
}
db_close(1);
db_open_repository(zAltRepo);
login_as_user(zUser);
................................................................................
/*
** Note that the following command is used by ssh:// processing.
**
** COMMAND: test-http
** Works like the http command but gives setup permission to all users.
*/
void cmd_test_http(void){
login_set_capabilities("s", 0);
g.httpIn = stdin;
g.httpOut = stdout;
find_server_repository(0);
g.cgiOutput = 1;
g.fullHttpReply = 1;
cgi_handle_http_request(0);
process_one_web_page(0);
|
Changes to src/xfer.c.
593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 |
rc = blob_compare(&hash, pSig);
blob_reset(&hash);
blob_reset(&combined);
}
if( rc==0 ){
const char *zCap;
zCap = db_column_text(&q, 1);
login_set_capabilities(zCap);
g.userUid = db_column_int(&q, 2);
g.zLogin = mprintf("%b", pLogin);
g.zNonce = mprintf("%b", pNonce);
}
}
db_finalize(&q);
return rc;
|
| |
593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 |
rc = blob_compare(&hash, pSig);
blob_reset(&hash);
blob_reset(&combined);
}
if( rc==0 ){
const char *zCap;
zCap = db_column_text(&q, 1);
login_set_capabilities(zCap, 0);
g.userUid = db_column_int(&q, 2);
g.zLogin = mprintf("%b", pLogin);
g.zNonce = mprintf("%b", pNonce);
}
}
db_finalize(&q);
return rc;
|