Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fix an issue with inherited capabilities in the subrepo mechanism. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
3bd2de4c92f8f00f1651edbf83615e16 |
User & Date: | drh 2011-05-09 12:44:38.518 |
Context
2011-05-09
| ||
12:55 | Use a combination of $HOMEDRIVE$HOMEPATH instead of just $HOMEPATH when searching for the home directory on windows. Ticket [44002a7760cf5406] ... (check-in: 3715b5d2 user: drh tags: trunk) | |
12:44 | Fix an issue with inherited capabilities in the subrepo mechanism. ... (check-in: 3bd2de4c user: drh tags: trunk) | |
12:26 | Add lines describing the login to the /test_env page. ... (check-in: c53fbe5d user: drh tags: trunk) | |
Changes
Changes to src/login.c.
︙ | ︙ | |||
678 679 680 681 682 683 684 | */ g.userUid = uid; if( fossil_strcmp(g.zLogin,"nobody")==0 ){ g.zLogin = 0; } /* Set the capabilities */ | | | | > > > > > > > > | < < | 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 | */ g.userUid = uid; if( fossil_strcmp(g.zLogin,"nobody")==0 ){ g.zLogin = 0; } /* Set the capabilities */ login_set_capabilities(zCap, 0); login_set_anon_nobody_capabilities(); } /* ** Memory of settings */ static int login_anon_once = 1; /* ** Add the default privileges of users "nobody" and "anonymous" as appropriate ** for the user g.zLogin. */ void login_set_anon_nobody_capabilities(void){ if( g.zLogin && login_anon_once ){ const char *zCap; /* All logged-in users inherit privileges from "nobody" */ zCap = db_text("", "SELECT cap FROM user WHERE login = 'nobody'"); login_set_capabilities(zCap, 0); if( fossil_strcmp(g.zLogin, "nobody")!=0 ){ /* All logged-in users inherit privileges from "anonymous" */ zCap = db_text("", "SELECT cap FROM user WHERE login = 'anonymous'"); login_set_capabilities(zCap, 0); } login_anon_once = 0; } } /* ** Flags passed into the 2nd argument of login_set_capabilities(). */ #if INTERFACE #define LOGIN_IGNORE_U 0x01 /* Ignore "u" */ #define LOGIN_IGNORE_V 0x01 /* Ignore "v" */ #endif /* ** Set the global capability flags based on a capability string. */ void login_set_capabilities(const char *zCap, unsigned flags){ int i; for(i=0; zCap[i]; i++){ switch( zCap[i] ){ case 's': g.okSetup = 1; /* Fall thru into Admin */ case 'a': g.okAdmin = g.okRdTkt = g.okWrTkt = g.okZip = g.okRdWiki = g.okWrWiki = g.okNewWiki = g.okApndWiki = g.okHistory = g.okClone = |
︙ | ︙ | |||
749 750 751 752 753 754 755 | case 't': g.okTktFmt = 1; break; case 'b': g.okAttach = 1; break; case 'x': g.okPrivate = 1; break; /* The "u" privileges is a little different. It recursively ** inherits all privileges of the user named "reader" */ case 'u': { | > | | > | | | 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 | case 't': g.okTktFmt = 1; break; case 'b': g.okAttach = 1; break; case 'x': g.okPrivate = 1; break; /* The "u" privileges is a little different. It recursively ** inherits all privileges of the user named "reader" */ case 'u': { if( (flags & LOGIN_IGNORE_U)==0 ){ const char *zUser; zUser = db_text("", "SELECT cap FROM user WHERE login='reader'"); login_set_capabilities(zUser, flags | LOGIN_IGNORE_U); } break; } /* The "v" privileges is a little different. It recursively ** inherits all privileges of the user named "developer" */ case 'v': { if( (flags & LOGIN_IGNORE_V)==0 ){ const char *zDev; zDev = db_text("", "SELECT cap FROM user WHERE login='developer'"); login_set_capabilities(zDev, flags | LOGIN_IGNORE_V); } break; } } } } |
︙ | ︙ | |||
857 858 859 860 861 862 863 | if( g.userUid ){ zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", g.userUid); } if( fossil_strcmp(zUser,"nobody")==0 ) zUser = 0; g.zLogin = fossil_strdup(zUser); /* Set the capabilities */ | | | 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 | if( g.userUid ){ zCap = db_text("", "SELECT cap FROM user WHERE uid=%d", g.userUid); } if( fossil_strcmp(zUser,"nobody")==0 ) zUser = 0; g.zLogin = fossil_strdup(zUser); /* Set the capabilities */ login_set_capabilities(zCap, 0); login_anon_once = 1; login_set_anon_nobody_capabilities(); } /* ** Call this routine when the credential check fails. It causes ** a redirect to the "login" page. |
︙ | ︙ |
Changes to src/main.c.
︙ | ︙ | |||
999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 | for(jj=0; zAltRepo[jj] && zAltRepo[jj]!=':'; jj++){} if( zAltRepo[jj]==':' ){ zAltRepo[jj] = 0; zAltRepo += jj+1; }else{ zUser = "nobody"; } if( zAltRepo[0]!='/' ){ zAltRepo = mprintf("%s/../%s", g.zRepositoryName, zAltRepo); file_simplify_name(zAltRepo, -1); } db_close(1); db_open_repository(zAltRepo); login_as_user(zUser); | > | 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 | for(jj=0; zAltRepo[jj] && zAltRepo[jj]!=':'; jj++){} if( zAltRepo[jj]==':' ){ zAltRepo[jj] = 0; zAltRepo += jj+1; }else{ zUser = "nobody"; } if( g.zLogin==0 ) zUser = "nobody"; if( zAltRepo[0]!='/' ){ zAltRepo = mprintf("%s/../%s", g.zRepositoryName, zAltRepo); file_simplify_name(zAltRepo, -1); } db_close(1); db_open_repository(zAltRepo); login_as_user(zUser); |
︙ | ︙ | |||
1299 1300 1301 1302 1303 1304 1305 | /* ** Note that the following command is used by ssh:// processing. ** ** COMMAND: test-http ** Works like the http command but gives setup permission to all users. */ void cmd_test_http(void){ | | | 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 | /* ** Note that the following command is used by ssh:// processing. ** ** COMMAND: test-http ** Works like the http command but gives setup permission to all users. */ void cmd_test_http(void){ login_set_capabilities("s", 0); g.httpIn = stdin; g.httpOut = stdout; find_server_repository(0); g.cgiOutput = 1; g.fullHttpReply = 1; cgi_handle_http_request(0); process_one_web_page(0); |
︙ | ︙ |
Changes to src/xfer.c.
︙ | ︙ | |||
593 594 595 596 597 598 599 | rc = blob_compare(&hash, pSig); blob_reset(&hash); blob_reset(&combined); } if( rc==0 ){ const char *zCap; zCap = db_column_text(&q, 1); | | | 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 | rc = blob_compare(&hash, pSig); blob_reset(&hash); blob_reset(&combined); } if( rc==0 ){ const char *zCap; zCap = db_column_text(&q, 1); login_set_capabilities(zCap, 0); g.userUid = db_column_int(&q, 2); g.zLogin = mprintf("%b", pLogin); g.zNonce = mprintf("%b", pNonce); } } db_finalize(&q); return rc; |
︙ | ︙ |