︙ | | | ︙ | |
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
** not really the point. The anonymous login keeps search-engine
** crawlers and site download tools like wget from walking change
** logs and downloading diffs of very version of the archive that
** has ever existed, and things like that.
*/
#include "config.h"
#include "login.h"
#if defined(_WIN32)
# include <windows.h> /* for Sleep */
# if defined(__MINGW32__) || defined(_MSC_VER)
# define sleep Sleep /* windows does not have sleep, but Sleep */
# endif
#endif
#include <time.h>
|
|
|
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
** not really the point. The anonymous login keeps search-engine
** crawlers and site download tools like wget from walking change
** logs and downloading diffs of very version of the archive that
** has ever existed, and things like that.
*/
#include "config.h"
#include "login.h"
#if defined(_WIN32)
# include <windows.h> /* for Sleep */
# if defined(__MINGW32__) || defined(_MSC_VER)
# define sleep Sleep /* windows does not have sleep, but Sleep */
# endif
#endif
#include <time.h>
|
︙ | | | ︙ | |
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
}else{
fossil_redirect_home();
}
}
/*
** The IP address of the client is stored as part of login cookies.
** But some clients are behind firewalls that shift the IP address
** with each HTTP request. To allow such (broken) clients to log in,
** extract just a prefix of the IP address.
*/
static char *ipPrefix(const char *zIP){
int i, j;
static int ip_prefix_terms = -1;
if( ip_prefix_terms<0 ){
ip_prefix_terms = db_get_int("ip-prefix-terms",2);
}
|
|
|
|
|
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
}else{
fossil_redirect_home();
}
}
/*
** The IP address of the client is stored as part of login cookies.
** But some clients are behind firewalls that shift the IP address
** with each HTTP request. To allow such (broken) clients to log in,
** extract just a prefix of the IP address.
*/
static char *ipPrefix(const char *zIP){
int i, j;
static int ip_prefix_terms = -1;
if( ip_prefix_terms<0 ){
ip_prefix_terms = db_get_int("ip-prefix-terms",2);
}
|
︙ | | | ︙ | |
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
|
**
** This is a no-op if g.userUid is 0.
*/
void login_clear_login_data(){
if(!g.userUid){
return;
}else{
char const * cookie = login_cookie_name();
/* To logout, change the cookie value to an empty string */
cgi_set_cookie(cookie, "",
login_cookie_path(), -86400);
db_multi_exec("UPDATE user SET cookie=NULL, ipaddr=NULL, "
" cexpire=0 WHERE uid=%d"
" AND login NOT IN ('anonymous','nobody',"
" 'developer','reader')", g.userUid);
|
|
|
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
|
**
** This is a no-op if g.userUid is 0.
*/
void login_clear_login_data(){
if(!g.userUid){
return;
}else{
char const * cookie = login_cookie_name();
/* To logout, change the cookie value to an empty string */
cgi_set_cookie(cookie, "",
login_cookie_path(), -86400);
db_multi_exec("UPDATE user SET cookie=NULL, ipaddr=NULL, "
" cexpire=0 WHERE uid=%d"
" AND login NOT IN ('anonymous','nobody',"
" 'developer','reader')", g.userUid);
|
︙ | | | ︙ | |
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
|
const char *zAnonPw = 0;
const char *zGoto = P("g");
int anonFlag;
char *zErrMsg = "";
int uid; /* User id logged in user */
char *zSha1Pw;
const char *zIpAddr; /* IP address of requestor */
login_check_credentials();
sqlite3_create_function(g.db, "constant_time_cmp", 2, SQLITE_UTF8, 0,
constant_time_cmp_function, 0, 0);
zUsername = P("u");
zPasswd = P("p");
anonFlag = P("anon")!=0;
if( P("out")!=0 ){
login_clear_login_data();
redirect_to_g();
}
if( g.perm.Password && zPasswd
&& (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0
){
/* The user requests a password change */
zSha1Pw = sha1_shared_secret(zPasswd, g.zLogin, 0);
if( db_int(1, "SELECT 0 FROM user"
" WHERE uid=%d"
" AND (constant_time_cmp(pw,%Q)=0"
" OR constant_time_cmp(pw,%Q)=0)",
g.userUid, zSha1Pw, zPasswd) ){
sleep(1);
zErrMsg =
@ <p><span class="loginError">
@ You entered an incorrect old password while attempting to change
@ your password. Your password is unchanged.
@ </span></p>
;
}else if( fossil_strcmp(zNew1,zNew2)!=0 ){
zErrMsg =
@ <p><span class="loginError">
@ The two copies of your new passwords do not match.
@ Your password is unchanged.
@ </span></p>
;
}else{
char *zNewPw = sha1_shared_secret(zNew1, g.zLogin, 0);
|
>
|
|
|
|
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
|
const char *zAnonPw = 0;
const char *zGoto = P("g");
int anonFlag;
char *zErrMsg = "";
int uid; /* User id logged in user */
char *zSha1Pw;
const char *zIpAddr; /* IP address of requestor */
const char *zReferer;
login_check_credentials();
sqlite3_create_function(g.db, "constant_time_cmp", 2, SQLITE_UTF8, 0,
constant_time_cmp_function, 0, 0);
zUsername = P("u");
zPasswd = P("p");
anonFlag = P("anon")!=0;
if( P("out")!=0 ){
login_clear_login_data();
redirect_to_g();
}
if( g.perm.Password && zPasswd
&& (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0
){
/* The user requests a password change */
zSha1Pw = sha1_shared_secret(zPasswd, g.zLogin, 0);
if( db_int(1, "SELECT 0 FROM user"
" WHERE uid=%d"
" AND (constant_time_cmp(pw,%Q)=0"
" OR constant_time_cmp(pw,%Q)=0)",
g.userUid, zSha1Pw, zPasswd) ){
sleep(1);
zErrMsg =
@ <p><span class="loginError">
@ You entered an incorrect old password while attempting to change
@ your password. Your password is unchanged.
@ </span></p>
;
}else if( fossil_strcmp(zNew1,zNew2)!=0 ){
zErrMsg =
@ <p><span class="loginError">
@ The two copies of your new passwords do not match.
@ Your password is unchanged.
@ </span></p>
;
}else{
char *zNewPw = sha1_shared_secret(zNew1, g.zLogin, 0);
|
︙ | | | ︙ | |
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
|
}else{
redirect_to_g();
return;
}
}
}
zIpAddr = PD("REMOTE_ADDR","nil"); /* Complete IP address for logging */
uid = login_is_valid_anonymous(zUsername, zPasswd, P("cs"));
if( uid>0 ){
login_set_anon_cookie(zIpAddr, NULL);
record_login_attempt("anonymous", zIpAddr, 1);
redirect_to_g();
}
if( zUsername!=0 && zPasswd!=0 && zPasswd[0]!=0 ){
/* Attempting to log in as a user other than anonymous.
*/
uid = login_search_uid(zUsername, zPasswd);
if( uid<=0 ){
sleep(1);
zErrMsg =
@ <p><span class="loginError">
@ You entered an unknown user or an incorrect password.
@ </span></p>
;
record_login_attempt(zUsername, zIpAddr, 0);
}else{
/* Non-anonymous login is successful. Set a cookie of the form:
|
>
|
|
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
|
}else{
redirect_to_g();
return;
}
}
}
zIpAddr = PD("REMOTE_ADDR","nil"); /* Complete IP address for logging */
zReferer = P("HTTP_REFERER");
uid = login_is_valid_anonymous(zUsername, zPasswd, P("cs"));
if( uid>0 ){
login_set_anon_cookie(zIpAddr, NULL);
record_login_attempt("anonymous", zIpAddr, 1);
redirect_to_g();
}
if( zUsername!=0 && zPasswd!=0 && zPasswd[0]!=0 ){
/* Attempting to log in as a user other than anonymous.
*/
uid = login_search_uid(zUsername, zPasswd);
if( uid<=0 ){
sleep(1);
zErrMsg =
@ <p><span class="loginError">
@ You entered an unknown user or an incorrect password.
@ </span></p>
;
record_login_attempt(zUsername, zIpAddr, 0);
}else{
/* Non-anonymous login is successful. Set a cookie of the form:
|
︙ | | | ︙ | |
568
569
570
571
572
573
574
575
576
577
578
579
580
581
|
@ %s(zErrMsg)
if( zGoto && P("anon")==0 ){
@ <p>A login is required for <a href="%h(zGoto)">%h(zGoto)</a>.</p>
}
form_begin(0, "%R/login");
if( zGoto ){
@ <input type="hidden" name="g" value="%h(zGoto)" />
}
@ <table class="login_out">
@ <tr>
@ <td class="login_out_label">User ID:</td>
if( anonFlag ){
@ <td><input type="text" id="u" name="u" value="anonymous" size="30" /></td>
}else{
|
>
>
|
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
|
@ %s(zErrMsg)
if( zGoto && P("anon")==0 ){
@ <p>A login is required for <a href="%h(zGoto)">%h(zGoto)</a>.</p>
}
form_begin(0, "%R/login");
if( zGoto ){
@ <input type="hidden" name="g" value="%h(zGoto)" />
}else if( zReferer && strncmp(g.zBaseURL, zReferer, strlen(g.zBaseURL))==0 ){
@ <input type="hidden" name="g" value="%h(zReferer)" />
}
@ <table class="login_out">
@ <tr>
@ <td class="login_out_label">User ID:</td>
if( anonFlag ){
@ <td><input type="text" id="u" name="u" value="anonymous" size="30" /></td>
}else{
|
︙ | | | ︙ | |
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
|
}
@ <tr>
@ <td></td>
@ <td><input type="submit" name="in" value="Login"
@ onClick="chngAction(this.form)" /></td>
@ </tr>
@ </table>
@ <script type="text/JavaScript">
@ gebi('u').focus()
@ function chngAction(form){
if( g.sslNotAvailable==0
&& strncmp(g.zBaseURL,"https:",6)!=0
&& db_get_boolean("https-login",0)
){
char *zSSL = mprintf("https:%s", &g.zBaseURL[5]);
|
|
|
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
|
}
@ <tr>
@ <td></td>
@ <td><input type="submit" name="in" value="Login"
@ onClick="chngAction(this.form)" /></td>
@ </tr>
@ </table>
@ <script>
@ gebi('u').focus()
@ function chngAction(form){
if( g.sslNotAvailable==0
&& strncmp(g.zBaseURL,"https:",6)!=0
&& db_get_boolean("https-login",0)
){
char *zSSL = mprintf("https:%s", &g.zBaseURL[5]);
|
︙ | | | ︙ | |
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
|
@ <p>To change your login to a different user, enter
}
@ your user-id and password at the left and press the
@ "Login" button. Your user name will be stored in a browser cookie.
@ You must configure your web browser to accept cookies in order for
@ the login to take.</p>
if( db_get_boolean("self-register", 0) ){
@ <p>If you do not have an account, you can
@ <a href="%s(g.zTop)/register?g=%T(P("G"))">create one</a>.
}
if( zAnonPw ){
unsigned int uSeed = captcha_seed();
char const *zDecoded = captcha_decode(uSeed);
int bAutoCaptcha = db_get_boolean("auto-captcha", 0);
char *zCaptcha = captcha_render(zDecoded);
|
|
|
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
|
@ <p>To change your login to a different user, enter
}
@ your user-id and password at the left and press the
@ "Login" button. Your user name will be stored in a browser cookie.
@ You must configure your web browser to accept cookies in order for
@ the login to take.</p>
if( db_get_boolean("self-register", 0) ){
@ <p>If you do not have an account, you can
@ <a href="%s(g.zTop)/register?g=%T(P("G"))">create one</a>.
}
if( zAnonPw ){
unsigned int uSeed = captcha_seed();
char const *zDecoded = captcha_decode(uSeed);
int bAutoCaptcha = db_get_boolean("auto-captcha", 0);
char *zCaptcha = captcha_render(zDecoded);
|
︙ | | | ︙ | |
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
|
@ </form>
}
style_footer();
}
/*
** Attempt to find login credentials for user zLogin on a peer repository
** with project code zCode. Transfer those credentials to the local
** repository.
**
** Return true if a transfer was made and false if not.
*/
static int login_transfer_credentials(
const char *zLogin, /* Login we are looking for */
const char *zCode, /* Project code of peer repository */
const char *zHash, /* HASH from login cookie HASH/CODE/LOGIN */
const char *zRemoteAddr /* Request comes from here */
){
sqlite3 *pOther = 0; /* The other repository */
sqlite3_stmt *pStmt; /* Query against the other repository */
char *zSQL; /* SQL of the query against other repo */
char *zOtherRepo; /* Filename of the other repository */
int rc; /* Result code from SQLite library functions */
int nXfer = 0; /* Number of credentials transferred */
zOtherRepo = db_text(0,
"SELECT value FROM config WHERE name='peer-repo-%q'",
zCode
);
if( zOtherRepo==0 ) return 0; /* No such peer repository */
rc = sqlite3_open_v2(
zOtherRepo, &pOther,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,
g.zVfsName
);
if( rc==SQLITE_OK ){
sqlite3_create_function(pOther,"now",0,SQLITE_ANY,0,db_now_function,0,0);
sqlite3_create_function(pOther, "constant_time_cmp", 2, SQLITE_UTF8, 0,
constant_time_cmp_function, 0, 0);
sqlite3_busy_timeout(pOther, 5000);
zSQL = mprintf(
"SELECT cexpire FROM user"
" WHERE login=%Q"
" AND ipaddr=%Q"
|
|
|
|
|
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
|
@ </form>
}
style_footer();
}
/*
** Attempt to find login credentials for user zLogin on a peer repository
** with project code zCode. Transfer those credentials to the local
** repository.
**
** Return true if a transfer was made and false if not.
*/
static int login_transfer_credentials(
const char *zLogin, /* Login we are looking for */
const char *zCode, /* Project code of peer repository */
const char *zHash, /* HASH from login cookie HASH/CODE/LOGIN */
const char *zRemoteAddr /* Request comes from here */
){
sqlite3 *pOther = 0; /* The other repository */
sqlite3_stmt *pStmt; /* Query against the other repository */
char *zSQL; /* SQL of the query against other repo */
char *zOtherRepo; /* Filename of the other repository */
int rc; /* Result code from SQLite library functions */
int nXfer = 0; /* Number of credentials transferred */
zOtherRepo = db_text(0,
"SELECT value FROM config WHERE name='peer-repo-%q'",
zCode
);
if( zOtherRepo==0 ) return 0; /* No such peer repository */
rc = sqlite3_open_v2(
zOtherRepo, &pOther,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,
g.zVfsName
);
if( rc==SQLITE_OK ){
sqlite3_create_function(pOther,"now",0,SQLITE_UTF8,0,db_now_function,0,0);
sqlite3_create_function(pOther, "constant_time_cmp", 2, SQLITE_UTF8, 0,
constant_time_cmp_function, 0, 0);
sqlite3_busy_timeout(pOther, 5000);
zSQL = mprintf(
"SELECT cexpire FROM user"
" WHERE login=%Q"
" AND ipaddr=%Q"
|
︙ | | | ︙ | |
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
|
}
sqlite3_finalize(pStmt);
}
sqlite3_close(pOther);
fossil_free(zOtherRepo);
return nXfer;
}
/*
** Lookup the uid for a non-built-in user with zLogin and zCookie and
** zRemoteAddr. Return 0 if not found.
**
** Note that this only searches for logged-in entries with matching
** zCookie (db: user.cookie) and zRemoteAddr (db: user.ipaddr)
** entries.
*/
static int login_find_user(
const char *zLogin, /* User name */
const char *zCookie, /* Login cookie value */
const char *zRemoteAddr /* Abbreviated IP address for valid login */
){
int uid;
if( fossil_strcmp(zLogin, "anonymous")==0 ) return 0;
if( fossil_strcmp(zLogin, "nobody")==0 ) return 0;
if( fossil_strcmp(zLogin, "developer")==0 ) return 0;
if( fossil_strcmp(zLogin, "reader")==0 ) return 0;
uid = db_int(0,
"SELECT uid FROM user"
" WHERE login=%Q"
" AND ipaddr=%Q"
" AND cexpire>julianday('now')"
" AND length(cap)>0"
" AND length(pw)>0"
" AND constant_time_cmp(cookie,%Q)=0",
|
>
>
>
>
>
>
>
>
>
>
>
|
<
<
<
|
|
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
|
}
sqlite3_finalize(pStmt);
}
sqlite3_close(pOther);
fossil_free(zOtherRepo);
return nXfer;
}
/*
** Return TRUE if zLogin is one of the special usernames
*/
int login_is_special(const char *zLogin){
if( fossil_strcmp(zLogin, "anonymous")==0 ) return 1;
if( fossil_strcmp(zLogin, "nobody")==0 ) return 1;
if( fossil_strcmp(zLogin, "developer")==0 ) return 1;
if( fossil_strcmp(zLogin, "reader")==0 ) return 1;
return 0;
}
/*
** Lookup the uid for a non-built-in user with zLogin and zCookie and
** zRemoteAddr. Return 0 if not found.
**
** Note that this only searches for logged-in entries with matching
** zCookie (db: user.cookie) and zRemoteAddr (db: user.ipaddr)
** entries.
*/
static int login_find_user(
const char *zLogin, /* User name */
const char *zCookie, /* Login cookie value */
const char *zRemoteAddr /* Abbreviated IP address for valid login */
){
int uid;
if( login_is_special(zLogin) ) return 0;
uid = db_int(0,
"SELECT uid FROM user"
" WHERE login=%Q"
" AND ipaddr=%Q"
" AND cexpire>julianday('now')"
" AND length(cap)>0"
" AND length(pw)>0"
" AND constant_time_cmp(cookie,%Q)=0",
|
︙ | | | ︙ | |
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
|
/* Only run this check once. */
if( g.userUid!=0 ) return;
sqlite3_create_function(g.db, "constant_time_cmp", 2, SQLITE_UTF8, 0,
constant_time_cmp_function, 0, 0);
/* If the HTTP connection is coming over 127.0.0.1 and if
** local login is disabled and if we are using HTTP and not HTTPS,
** then there is no need to check user credentials.
**
** This feature allows the "fossil ui" command to give the user
** full access rights without having to log in.
*/
zRemoteAddr = ipPrefix(zIpAddr = PD("REMOTE_ADDR","nil"));
if( ( fossil_strcmp(zIpAddr, "127.0.0.1")==0 ||
|
|
|
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
|
/* Only run this check once. */
if( g.userUid!=0 ) return;
sqlite3_create_function(g.db, "constant_time_cmp", 2, SQLITE_UTF8, 0,
constant_time_cmp_function, 0, 0);
/* If the HTTP connection is coming over 127.0.0.1 and if
** local login is disabled and if we are using HTTP and not HTTPS,
** then there is no need to check user credentials.
**
** This feature allows the "fossil ui" command to give the user
** full access rights without having to log in.
*/
zRemoteAddr = ipPrefix(zIpAddr = PD("REMOTE_ADDR","nil"));
if( ( fossil_strcmp(zIpAddr, "127.0.0.1")==0 ||
|
︙ | | | ︙ | |
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
|
/* Cookies of the form "HASH/TIME/anonymous". The TIME must not be
** too old and the sha1 hash of TIME/IPADDR/SECRET must match HASH.
** SECRET is the "captcha-secret" value in the repository.
*/
double rTime = atof(zArg);
Blob b;
blob_zero(&b);
blob_appendf(&b, "%s/%s/%s",
zArg, zRemoteAddr, db_get("captcha-secret",""));
sha1sum_blob(&b, &b);
if( fossil_strcmp(zHash, blob_str(&b))==0 ){
uid = db_int(0,
"SELECT uid FROM user WHERE login='anonymous'"
" AND length(cap)>0"
" AND length(pw)>0"
" AND %.17g+0.25>julianday('now')",
rTime
);
}
|
|
|
|
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
|
/* Cookies of the form "HASH/TIME/anonymous". The TIME must not be
** too old and the sha1 hash of TIME/IPADDR/SECRET must match HASH.
** SECRET is the "captcha-secret" value in the repository.
*/
double rTime = atof(zArg);
Blob b;
blob_zero(&b);
blob_appendf(&b, "%s/%s/%s",
zArg, zRemoteAddr, db_get("captcha-secret",""));
sha1sum_blob(&b, &b);
if( fossil_strcmp(zHash, blob_str(&b))==0 ){
uid = db_int(0,
"SELECT uid FROM user WHERE login='anonymous'"
" AND length(cap)>0"
" AND length(pw)>0"
" AND %.17g+0.25>julianday('now')",
rTime
);
}
|
︙ | | | ︙ | |
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
|
return;
}
for(i=0; zCap[i]; i++){
switch( zCap[i] ){
case 's': g.perm.Setup = 1; /* Fall thru into Admin */
case 'a': g.perm.Admin = g.perm.RdTkt = g.perm.WrTkt = g.perm.Zip =
g.perm.RdWiki = g.perm.WrWiki = g.perm.NewWiki =
g.perm.ApndWiki = g.perm.Hyperlink = g.perm.Clone =
g.perm.NewTkt = g.perm.Password = g.perm.RdAddr =
g.perm.TktFmt = g.perm.Attach = g.perm.ApndTkt =
g.perm.ModWiki = g.perm.ModTkt = 1;
/* Fall thru into Read/Write */
case 'i': g.perm.Read = g.perm.Write = 1; break;
case 'o': g.perm.Read = 1; break;
case 'z': g.perm.Zip = 1; break;
|
|
|
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
|
return;
}
for(i=0; zCap[i]; i++){
switch( zCap[i] ){
case 's': g.perm.Setup = 1; /* Fall thru into Admin */
case 'a': g.perm.Admin = g.perm.RdTkt = g.perm.WrTkt = g.perm.Zip =
g.perm.RdWiki = g.perm.WrWiki = g.perm.NewWiki =
g.perm.ApndWiki = g.perm.Hyperlink = g.perm.Clone =
g.perm.NewTkt = g.perm.Password = g.perm.RdAddr =
g.perm.TktFmt = g.perm.Attach = g.perm.ApndTkt =
g.perm.ModWiki = g.perm.ModTkt = 1;
/* Fall thru into Read/Write */
case 'i': g.perm.Read = g.perm.Write = 1; break;
case 'o': g.perm.Read = 1; break;
case 'z': g.perm.Zip = 1; break;
|
︙ | | | ︙ | |
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
|
case 'm': g.perm.ApndWiki = 1; break;
case 'f': g.perm.NewWiki = 1; break;
case 'l': g.perm.ModWiki = 1; break;
case 'e': g.perm.RdAddr = 1; break;
case 'r': g.perm.RdTkt = 1; break;
case 'n': g.perm.NewTkt = 1; break;
case 'w': g.perm.WrTkt = g.perm.RdTkt = g.perm.NewTkt =
g.perm.ApndTkt = 1; break;
case 'c': g.perm.ApndTkt = 1; break;
case 'q': g.perm.ModTkt = 1; break;
case 't': g.perm.TktFmt = 1; break;
case 'b': g.perm.Attach = 1; break;
case 'x': g.perm.Private = 1; break;
/* The "u" privileges is a little different. It recursively
** inherits all privileges of the user named "reader" */
case 'u': {
if( (flags & LOGIN_IGNORE_UV)==0 ){
const char *zUser;
zUser = db_text("", "SELECT cap FROM user WHERE login='reader'");
login_set_capabilities(zUser, flags | LOGIN_IGNORE_UV);
}
break;
}
/* The "v" privileges is a little different. It recursively
** inherits all privileges of the user named "developer" */
case 'v': {
if( (flags & LOGIN_IGNORE_UV)==0 ){
const char *zDev;
zDev = db_text("", "SELECT cap FROM user WHERE login='developer'");
login_set_capabilities(zDev, flags | LOGIN_IGNORE_UV);
}
|
|
|
|
|
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
|
case 'm': g.perm.ApndWiki = 1; break;
case 'f': g.perm.NewWiki = 1; break;
case 'l': g.perm.ModWiki = 1; break;
case 'e': g.perm.RdAddr = 1; break;
case 'r': g.perm.RdTkt = 1; break;
case 'n': g.perm.NewTkt = 1; break;
case 'w': g.perm.WrTkt = g.perm.RdTkt = g.perm.NewTkt =
g.perm.ApndTkt = 1; break;
case 'c': g.perm.ApndTkt = 1; break;
case 'q': g.perm.ModTkt = 1; break;
case 't': g.perm.TktFmt = 1; break;
case 'b': g.perm.Attach = 1; break;
case 'x': g.perm.Private = 1; break;
/* The "u" privileges is a little different. It recursively
** inherits all privileges of the user named "reader" */
case 'u': {
if( (flags & LOGIN_IGNORE_UV)==0 ){
const char *zUser;
zUser = db_text("", "SELECT cap FROM user WHERE login='reader'");
login_set_capabilities(zUser, flags | LOGIN_IGNORE_UV);
}
break;
}
/* The "v" privileges is a little different. It recursively
** inherits all privileges of the user named "developer" */
case 'v': {
if( (flags & LOGIN_IGNORE_UV)==0 ){
const char *zDev;
zDev = db_text("", "SELECT cap FROM user WHERE login='developer'");
login_set_capabilities(zDev, flags | LOGIN_IGNORE_UV);
}
|
︙ | | | ︙ | |
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
|
g.zLogin = fossil_strdup(zUser);
/* Set the capabilities */
login_set_capabilities(zCap, 0);
login_anon_once = 1;
login_set_anon_nobody_capabilities();
}
/*
** Call this routine when the credential check fails. It causes
** a redirect to the "login" page.
*/
void login_needed(void){
#ifdef FOSSIL_ENABLE_JSON
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
|
g.zLogin = fossil_strdup(zUser);
/* Set the capabilities */
login_set_capabilities(zCap, 0);
login_anon_once = 1;
login_set_anon_nobody_capabilities();
}
/*
** Return true if the user is "nobody"
*/
int login_is_nobody(void){
return g.zLogin==0 || g.zLogin[0]==0 || fossil_strcmp(g.zLogin,"nobody")==0;
}
/*
** Return the login name. If no login name is specified, return "nobody".
*/
const char *login_name(void){
return (g.zLogin && g.zLogin[0]) ? g.zLogin : "nobody";
}
/*
** Call this routine when the credential check fails. It causes
** a redirect to the "login" page.
*/
void login_needed(void){
#ifdef FOSSIL_ENABLE_JSON
|
︙ | | | ︙ | |
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
|
@ <p><span class="loginError">
@ %s(zUsername) already exists.
@ </span></p>
}else{
char *zPw = sha1_shared_secret(blob_str(&passwd), blob_str(&login), 0);
int uid;
db_multi_exec(
"INSERT INTO user(login,pw,cap,info)"
"VALUES(%B,%Q,%B,%B)",
&login, zPw, &caps, &contact
);
free(zPw);
/* The user is registered, now just log him in. */
uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUsername);
login_set_user_cookie( zUsername, uid, NULL );
|
|
|
|
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
|
@ <p><span class="loginError">
@ %s(zUsername) already exists.
@ </span></p>
}else{
char *zPw = sha1_shared_secret(blob_str(&passwd), blob_str(&login), 0);
int uid;
db_multi_exec(
"INSERT INTO user(login,pw,cap,info,mtime)"
"VALUES(%B,%Q,%B,%B,strftime('%s','now'))",
&login, zPw, &caps, &contact
);
free(zPw);
/* The user is registered, now just log him in. */
uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", zUsername);
login_set_user_cookie( zUsername, uid, NULL );
|
︙ | | | ︙ | |
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
|
Stmt q; /* Query of all peer-* entries in CONFIG */
if( zPrefix==0 ) zPrefix = "";
if( zSuffix==0 ) zSuffix = "";
if( pzErrorMsg ) *pzErrorMsg = 0;
zSelfCode = abbreviated_project_code(db_get("project-code", "x"));
blob_zero(&err);
db_prepare(&q,
"SELECT name, value FROM config"
" WHERE name GLOB 'peer-repo-*'"
" AND name <> 'peer-repo-%q'"
" ORDER BY +value",
zSelfCode
);
while( db_step(&q)==SQLITE_ROW ){
|
|
|
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
|
Stmt q; /* Query of all peer-* entries in CONFIG */
if( zPrefix==0 ) zPrefix = "";
if( zSuffix==0 ) zSuffix = "";
if( pzErrorMsg ) *pzErrorMsg = 0;
zSelfCode = abbreviated_project_code(db_get("project-code", "x"));
blob_zero(&err);
db_prepare(&q,
"SELECT name, value FROM config"
" WHERE name GLOB 'peer-repo-*'"
" AND name <> 'peer-repo-%q'"
" ORDER BY +value",
zSelfCode
);
while( db_step(&q)==SQLITE_ROW ){
|
︙ | | | ︙ | |
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
|
sqlite3_errmsg(pPeer), zSuffix);
nErr++;
sqlite3_close(pPeer);
continue;
}
sqlite3_create_function(pPeer, "shared_secret", 3, SQLITE_UTF8,
0, sha1_shared_secret_sql_function, 0, 0);
sqlite3_create_function(pPeer, "now", 0,SQLITE_ANY,0,db_now_function,0,0);
sqlite3_busy_timeout(pPeer, 5000);
zErr = 0;
rc = sqlite3_exec(pPeer, zSql, 0, 0, &zErr);
if( zErr ){
blob_appendf(&err, "%s%s: %s%s", zPrefix, zRepoName, zErr, zSuffix);
sqlite3_free(zErr);
nErr++;
|
|
|
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
|
sqlite3_errmsg(pPeer), zSuffix);
nErr++;
sqlite3_close(pPeer);
continue;
}
sqlite3_create_function(pPeer, "shared_secret", 3, SQLITE_UTF8,
0, sha1_shared_secret_sql_function, 0, 0);
sqlite3_create_function(pPeer, "now", 0,SQLITE_UTF8,0,db_now_function,0,0);
sqlite3_busy_timeout(pPeer, 5000);
zErr = 0;
rc = sqlite3_exec(pPeer, zSql, 0, 0, &zErr);
if( zErr ){
blob_appendf(&err, "%s%s: %s%s", zPrefix, zRepoName, zErr, zSuffix);
sqlite3_free(zErr);
nErr++;
|
︙ | | | ︙ | |
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
|
char *zSelfProjCode; /* Our project-code */
char *zSql; /* SQL to run on all peers */
const char *zSelf; /* The ATTACH name of our repository */
*pzErrMsg = 0; /* Default to no errors */
zSelf = db_name("repository");
/* Get the full pathname of the other repository */
file_canonical_name(zRepo, &fullName, 0);
zRepo = mprintf(blob_str(&fullName));
blob_reset(&fullName);
/* Get the full pathname for our repository. Also the project code
** and project name for ourself. */
file_canonical_name(g.zRepositoryName, &fullName, 0);
|
|
|
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
|
char *zSelfProjCode; /* Our project-code */
char *zSql; /* SQL to run on all peers */
const char *zSelf; /* The ATTACH name of our repository */
*pzErrMsg = 0; /* Default to no errors */
zSelf = db_name("repository");
/* Get the full pathname of the other repository */
file_canonical_name(zRepo, &fullName, 0);
zRepo = mprintf(blob_str(&fullName));
blob_reset(&fullName);
/* Get the full pathname for our repository. Also the project code
** and project name for ourself. */
file_canonical_name(g.zRepositoryName, &fullName, 0);
|
︙ | | | ︙ | |
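Review bot: In the registration hunk, the new `strftime('%s','now')` sits inside the db_multi_exec() format string, so `%s` is read as a fifth conversion while only four arguments (`&login, zPw, &caps, &contact`) are passed, and the formatter would fetch a string pointer that was never supplied. Doubling the percent sign keeps it literal for SQLite: `"VALUES(%B,%Q,%B,%B,strftime('%%s','now'))"`. Separately, the login-form hunk accepts the Referer as the post-login target `g` on a bare prefix match, `strncmp(g.zBaseURL, zReferer, strlen(g.zBaseURL))==0`, which also passes for a URL that merely continues the base URL string with a longer host name or a sibling path; this matters if g.zBaseURL has no trailing slash, which is not visible here. Requiring a boundary after the prefix, for example `&& (zReferer[n]=='/' || zReferer[n]==0)` with `n = strlen(g.zBaseURL)`, would keep the redirect on this site. Both enclosing functions start and end outside their hunks, so the handling of `g` after login could not be checked.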