
Remove the unused inherit-anon configuration attribute. Fix the automatic redirect that follows a login operation. Fix "config push user" on the server side.

drh 2008-10-26 21:30 trunk
Commit 0600b278c0f105dc1aafaf7ee2decb84d3801607
-4
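--- a/src/db.c
+++ b/src/db.c
@@ -1203,13 +1203,10 @@
 ** editor Text editor command used for check-in comments.
 **
 ** gdiff-command External command to run when performing a graphical
 ** diff. If undefined, text diff will be used.
 **
-** inherit-anon If enabled, any web user inherits capabilities from
-** anonymous as well as nobody.
-**
 ** localauth If enabled, require that HTTP connections from
 ** 127.0.0.1 be authenticated by password. If
 ** false, all HTTP requests from localhost have
 ** unrestricted access to the repository.
 **
@@ -1234,11 +1231,10 @@
 static const char *azName[] = {
 "autosync",
 "diff-command",
 "editor",
 "gdiff-command",
- "inherit-anon",
 "localauth",
 "clearsign",
 "pgp-command",
 "proxy",
 "web-browser",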
--- src/db.c
+++ src/db.c
@@ -1203,13 +1203,10 @@
1203 ** editor Text editor command used for check-in comments.
1204 **
1205 ** gdiff-command External command to run when performing a graphical
1206 ** diff. If undefined, text diff will be used.
1207 **
1208 ** inherit-anon If enabled, any web user inherits capabilities from
1209 ** anonymous as well as nobody.
1210 **
1211 ** localauth If enabled, require that HTTP connections from
1212 ** 127.0.0.1 be authenticated by password. If
1213 ** false, all HTTP requests from localhost have
1214 ** unrestricted access to the repository.
1215 **
@@ -1234,11 +1231,10 @@
1234 static const char *azName[] = {
1235 "autosync",
1236 "diff-command",
1237 "editor",
1238 "gdiff-command",
1239 "inherit-anon",
1240 "localauth",
1241 "clearsign",
1242 "pgp-command",
1243 "proxy",
1244 "web-browser",
1245
--- src/db.c
+++ src/db.c
@@ -1203,13 +1203,10 @@
1203 ** editor Text editor command used for check-in comments.
1204 **
1205 ** gdiff-command External command to run when performing a graphical
1206 ** diff. If undefined, text diff will be used.
1207 **
 
 
 
1208 ** localauth If enabled, require that HTTP connections from
1209 ** 127.0.0.1 be authenticated by password. If
1210 ** false, all HTTP requests from localhost have
1211 ** unrestricted access to the repository.
1212 **
@@ -1234,11 +1231,10 @@
1231 static const char *azName[] = {
1232 "autosync",
1233 "diff-command",
1234 "editor",
1235 "gdiff-command",
 
1236 "localauth",
1237 "clearsign",
1238 "pgp-command",
1239 "proxy",
1240 "web-browser",
1241
+19 -7
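--- a/src/login.c
+++ b/src/login.c
@@ -64,33 +64,45 @@
 strcpy(zCookieName, "fossil_login_");
 encode16((unsigned char*)g.zTop, (unsigned char*)&zCookieName[13], n);
 }
 return zCookieName;
 }
+
+/*
+** Redirect to the page specified by the "g" query parameter.
+** Or if there is no "g" query parameter, redirect to the homepage.
+*/
+static void redirect_to_g(void){
+ const char *zGoto = P("g");
+ if( zGoto ){
+ cgi_redirect(zGoto);
+ }else{
+ fossil_redirect_home();
+ }
+}
 
 /*
 ** WEBPAGE: /login
 ** WEBPAGE: /logout
 **
 ** Generate the login page
 */
 void login_page(void){
- const char *zUsername, *zPasswd, *zGoto;
+ const char *zUsername, *zPasswd;
 const char *zNew1, *zNew2;
 const char *zAnonPw = 0;
 int anonFlag;
 char *zErrMsg = "";
 
 login_check_credentials();
 zUsername = P("u");
 zPasswd = P("p");
- zGoto = PD("g","index");
 anonFlag = P("anon")!=0;
 if( P("out")!=0 ){
 const char *zCookieName = login_cookie_name();
 cgi_set_cookie(zCookieName, "", 0, -86400);
- cgi_redirect(zGoto);
+ redirect_to_g();
 }
 if( g.okPassword && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){
 if( db_int(1, "SELECT 0 FROM user"
 " WHERE uid=%d AND pw=%Q", g.userUid, zPasswd) ){
 sleep(1);
@@ -109,11 +121,11 @@
 ;
 }else{
 db_multi_exec(
 "UPDATE user SET pw=%Q WHERE uid=%d", zNew1, g.userUid
 );
- cgi_redirect(zGoto);
+ redirect_to_g();
 return;
 }
 }
 if( zUsername!=0 && zPasswd!=0 && zPasswd[0]!=0 ){
 int uid = db_int(0,
@@ -142,11 +154,11 @@
 "UPDATE user SET cookie=%Q, ipaddr=%Q, "
 " cexpire=julianday('now')+%d/86400.0 WHERE uid=%d",
 zCookie, zIpAddr, expires, uid
 );
 }
- cgi_redirect(zGoto);
+ redirect_to_g();
 }
 }
 style_header("Login/Logout");
 @ %s(zErrMsg)
 @ <form action="login" method="POST">
@@ -323,16 +335,16 @@
 void login_set_capabilities(const char *zCap){
 static char *zDev = 0;
 int i;
 for(i=0; zCap[i]; i++){
 switch( zCap[i] ){
- case 's': g.okSetup = 1;
+ case 's': g.okSetup = 1; /* Fall thru into Admin */
 case 'a': g.okAdmin = g.okRdTkt = g.okWrTkt =
 g.okRdWiki = g.okWrWiki = g.okNewWiki =
 g.okApndWiki = g.okHistory = g.okClone =
 g.okNewTkt = g.okPassword = g.okRdAddr =
- g.okTktFmt = 1;
+ g.okTktFmt = 1; /* Fall thru into Read/Write */
 case 'i': g.okRead = g.okWrite = 1; break;
 case 'o': g.okRead = 1; break;
 case 'z': g.okZip = 1; break;
 
 case 'd': g.okDelete = 1; break;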
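Review bot: redirect_to_g() hands the "g" query parameter to cgi_redirect() without checking that it names a page on this server, so whatever value the login form was opened with — including an absolute URL to another host — becomes the post-login destination; the removed `PD("g","index")` had the same shape, but the new helper is now the one place where the check belongs. Accepting only a relative, in-repository target and otherwise falling back to fossil_redirect_home() closes that, e.g. `if( zGoto && zGoto[0]!=0 && strncmp(zGoto,"//",2)!=0 && strstr(zGoto,"://")==0 ){`, and the helper's comment should then say that off-site targets are ignored. Separately, the logout branch (new line 103) calls redirect_to_g() with no `return`, whereas the password-change branch (new line 126) returns right after it; if cgi_redirect() returns to its caller, a logout request continues into the password-change and login checks below with the cookie already cleared. login_page() ends outside the hunks, so the remainder of that path is not visible here.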
--- src/login.c
+++ src/login.c
@@ -64,33 +64,45 @@
64 strcpy(zCookieName, "fossil_login_");
65 encode16((unsigned char*)g.zTop, (unsigned char*)&zCookieName[13], n);
66 }
67 return zCookieName;
68 }
 
 
 
 
 
 
 
 
 
 
 
 
 
69
70 /*
71 ** WEBPAGE: /login
72 ** WEBPAGE: /logout
73 **
74 ** Generate the login page
75 */
76 void login_page(void){
77 const char *zUsername, *zPasswd, *zGoto;
78 const char *zNew1, *zNew2;
79 const char *zAnonPw = 0;
80 int anonFlag;
81 char *zErrMsg = "";
82
83 login_check_credentials();
84 zUsername = P("u");
85 zPasswd = P("p");
86 zGoto = PD("g","index");
87 anonFlag = P("anon")!=0;
88 if( P("out")!=0 ){
89 const char *zCookieName = login_cookie_name();
90 cgi_set_cookie(zCookieName, "", 0, -86400);
91 cgi_redirect(zGoto);
92 }
93 if( g.okPassword && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){
94 if( db_int(1, "SELECT 0 FROM user"
95 " WHERE uid=%d AND pw=%Q", g.userUid, zPasswd) ){
96 sleep(1);
@@ -109,11 +121,11 @@
109 ;
110 }else{
111 db_multi_exec(
112 "UPDATE user SET pw=%Q WHERE uid=%d", zNew1, g.userUid
113 );
114 cgi_redirect(zGoto);
115 return;
116 }
117 }
118 if( zUsername!=0 && zPasswd!=0 && zPasswd[0]!=0 ){
119 int uid = db_int(0,
@@ -142,11 +154,11 @@
142 "UPDATE user SET cookie=%Q, ipaddr=%Q, "
143 " cexpire=julianday('now')+%d/86400.0 WHERE uid=%d",
144 zCookie, zIpAddr, expires, uid
145 );
146 }
147 cgi_redirect(zGoto);
148 }
149 }
150 style_header("Login/Logout");
151 @ %s(zErrMsg)
152 @ <form action="login" method="POST">
@@ -323,16 +335,16 @@
323 void login_set_capabilities(const char *zCap){
324 static char *zDev = 0;
325 int i;
326 for(i=0; zCap[i]; i++){
327 switch( zCap[i] ){
328 case 's': g.okSetup = 1;
329 case 'a': g.okAdmin = g.okRdTkt = g.okWrTkt =
330 g.okRdWiki = g.okWrWiki = g.okNewWiki =
331 g.okApndWiki = g.okHistory = g.okClone =
332 g.okNewTkt = g.okPassword = g.okRdAddr =
333 g.okTktFmt = 1;
334 case 'i': g.okRead = g.okWrite = 1; break;
335 case 'o': g.okRead = 1; break;
336 case 'z': g.okZip = 1; break;
337
338 case 'd': g.okDelete = 1; break;
339
--- src/login.c
+++ src/login.c
@@ -64,33 +64,45 @@
64 strcpy(zCookieName, "fossil_login_");
65 encode16((unsigned char*)g.zTop, (unsigned char*)&zCookieName[13], n);
66 }
67 return zCookieName;
68 }
69
70 /*
71 ** Redirect to the page specified by the "g" query parameter.
72 ** Or if there is no "g" query parameter, redirect to the homepage.
73 */
74 static void redirect_to_g(void){
75 const char *zGoto = P("g");
76 if( zGoto ){
77 cgi_redirect(zGoto);
78 }else{
79 fossil_redirect_home();
80 }
81 }
82
83 /*
84 ** WEBPAGE: /login
85 ** WEBPAGE: /logout
86 **
87 ** Generate the login page
88 */
89 void login_page(void){
90 const char *zUsername, *zPasswd;
91 const char *zNew1, *zNew2;
92 const char *zAnonPw = 0;
93 int anonFlag;
94 char *zErrMsg = "";
95
96 login_check_credentials();
97 zUsername = P("u");
98 zPasswd = P("p");
 
99 anonFlag = P("anon")!=0;
100 if( P("out")!=0 ){
101 const char *zCookieName = login_cookie_name();
102 cgi_set_cookie(zCookieName, "", 0, -86400);
103 redirect_to_g();
104 }
105 if( g.okPassword && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){
106 if( db_int(1, "SELECT 0 FROM user"
107 " WHERE uid=%d AND pw=%Q", g.userUid, zPasswd) ){
108 sleep(1);
@@ -109,11 +121,11 @@
121 ;
122 }else{
123 db_multi_exec(
124 "UPDATE user SET pw=%Q WHERE uid=%d", zNew1, g.userUid
125 );
126 redirect_to_g();
127 return;
128 }
129 }
130 if( zUsername!=0 && zPasswd!=0 && zPasswd[0]!=0 ){
131 int uid = db_int(0,
@@ -142,11 +154,11 @@
154 "UPDATE user SET cookie=%Q, ipaddr=%Q, "
155 " cexpire=julianday('now')+%d/86400.0 WHERE uid=%d",
156 zCookie, zIpAddr, expires, uid
157 );
158 }
159 redirect_to_g();
160 }
161 }
162 style_header("Login/Logout");
163 @ %s(zErrMsg)
164 @ <form action="login" method="POST">
@@ -323,16 +335,16 @@
335 void login_set_capabilities(const char *zCap){
336 static char *zDev = 0;
337 int i;
338 for(i=0; zCap[i]; i++){
339 switch( zCap[i] ){
340 case 's': g.okSetup = 1; /* Fall thru into Admin */
341 case 'a': g.okAdmin = g.okRdTkt = g.okWrTkt =
342 g.okRdWiki = g.okWrWiki = g.okNewWiki =
343 g.okApndWiki = g.okHistory = g.okClone =
344 g.okNewTkt = g.okPassword = g.okRdAddr =
345 g.okTktFmt = 1; /* Fall thru into Read/Write */
346 case 'i': g.okRead = g.okWrite = 1; break;
347 case 'o': g.okRead = 1; break;
348 case 'z': g.okZip = 1; break;
349
350 case 'd': g.okDelete = 1; break;
351
+1 -7
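--- a/src/setup.c
+++ b/src/setup.c
@@ -618,24 +618,18 @@
 db_begin_transaction();
 @ <form action="%s(g.zBaseURL)/setup_access" method="POST">
 login_insert_csrf_secret();
 @ <hr>
 onoff_attribute("Require password for local access",
- "localauth", "localauth", 1);
+ "localauth", "localauth", 0);
 @ <p>When enabled, the password sign-in is required for
 @ web access coming from 127.0.0.1. When disabled, web access
 @ from 127.0.0.1 is allows without any login - the user id is selected
 @ from the ~/.fossil database. Password login is always required
 @ for incoming web connections on internet addresses other than
 @ 127.0.0.1.</p></li>
 
- @ <hr>
- onoff_attribute("Inherit capabilities from anonymous user",
- "inherit-anon", "inherit-anon", 0);
- @ <p>When enabled, all web users inherit capabilities from
- @ "anonymous", as well as from "nobody".</p></li>
-
 @ <hr>
 entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766");
 @ <p>The number of hours for which a login is valid. This must be a
 @ positive number. The default is 8760 hours which is approximately equal
 @ to a year.</p>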
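Review bot: The default handed to onoff_attribute() for "localauth" flips from 1 to 0 on new line 623, and neither the commit message nor a comment says why. That value is what the access page shows when the setting is absent from the repository, so it must agree with the default the authentication code applies when it reads "localauth" (presumably login_check_credentials(), which this commit touches in src/login.c but whose body is not visible here); if the two disagree, an administrator sees "Require password for local access" as on while localhost requests are unauthenticated, or the reverse. A one-line comment such as `/* 0 must match the fallback used where "localauth" is read at login time */` would keep the two from drifting apart again. setup_access() begins and ends outside the hunk.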
--- src/setup.c
+++ src/setup.c
@@ -618,24 +618,18 @@
618 db_begin_transaction();
619 @ <form action="%s(g.zBaseURL)/setup_access" method="POST">
620 login_insert_csrf_secret();
621 @ <hr>
622 onoff_attribute("Require password for local access",
623 "localauth", "localauth", 1);
624 @ <p>When enabled, the password sign-in is required for
625 @ web access coming from 127.0.0.1. When disabled, web access
626 @ from 127.0.0.1 is allows without any login - the user id is selected
627 @ from the ~/.fossil database. Password login is always required
628 @ for incoming web connections on internet addresses other than
629 @ 127.0.0.1.</p></li>
630
631 @ <hr>
632 onoff_attribute("Inherit capabilities from anonymous user",
633 "inherit-anon", "inherit-anon", 0);
634 @ <p>When enabled, all web users inherit capabilities from
635 @ "anonymous", as well as from "nobody".</p></li>
636
637 @ <hr>
638 entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766");
639 @ <p>The number of hours for which a login is valid. This must be a
640 @ positive number. The default is 8760 hours which is approximately equal
641 @ to a year.</p>
642
--- src/setup.c
+++ src/setup.c
@@ -618,24 +618,18 @@
618 db_begin_transaction();
619 @ <form action="%s(g.zBaseURL)/setup_access" method="POST">
620 login_insert_csrf_secret();
621 @ <hr>
622 onoff_attribute("Require password for local access",
623 "localauth", "localauth", 0);
624 @ <p>When enabled, the password sign-in is required for
625 @ web access coming from 127.0.0.1. When disabled, web access
626 @ from 127.0.0.1 is allows without any login - the user id is selected
627 @ from the ~/.fossil database. Password login is always required
628 @ for incoming web connections on internet addresses other than
629 @ 127.0.0.1.</p></li>
630
 
 
 
 
 
 
631 @ <hr>
632 entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766");
633 @ <p>The number of hours for which a login is valid. This must be a
634 @ positive number. The default is 8760 hours which is approximately equal
635 @ to a year.</p>
636
+4 -4
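--- a/src/xfer.c
+++ b/src/xfer.c
@@ -725,14 +725,10 @@
 @ error not\sauthorized\sto\spush\sconfiguration
 nErr++;
 break;
 }
 if( zName[0]!='@' ){
- if( !recvConfig ){
- configure_prepare_to_receive(0);
- recvConfig = 1;
- }
 db_multi_exec(
 "REPLACE INTO config(name,value) VALUES(%Q,%Q)",
 zName, blob_str(&content)
 );
 }else{
@@ -739,10 +735,14 @@
 /* Notice that we are evaluating arbitrary SQL received from the
 ** client. But this can only happen if the client has authenticated
 ** as an administrator, so presumably we trust the client at this
 ** point.
 */
+ if( !recvConfig ){
+ configure_prepare_to_receive(0);
+ recvConfig = 1;
+ }
 db_multi_exec("%s", blob_str(&content));
 }
 blob_reset(&content);
 blob_seek(xfer.pIn, 1, BLOB_SEEK_CUR);
 }else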
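Review bot: Moving the `if( !recvConfig )` block into the else branch means configure_prepare_to_receive(0) now runs only ahead of the SQL form of configuration, and the plain name/value REPLACE path no longer triggers it; the hunk gives no hint why, so the next reader is likely to move it back. A one-line comment above the new block, e.g. `/* Only the "@" (SQL) config items need the receive-side preparation; do it once, lazily */`, would record the intent, worded to match what configure_prepare_to_receive() actually sets up, which is not visible here. The existing comment already notes that db_multi_exec("%s", ...) runs SQL supplied by the client on the strength of the authorization check at the top of the first hunk; if recvConfig is consulted later to decide whether a matching finalize step runs, that later check must stay paired with this one. The enclosing function begins and ends outside both hunks.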
--- src/xfer.c
+++ src/xfer.c
@@ -725,14 +725,10 @@
725 @ error not\sauthorized\sto\spush\sconfiguration
726 nErr++;
727 break;
728 }
729 if( zName[0]!='@' ){
730 if( !recvConfig ){
731 configure_prepare_to_receive(0);
732 recvConfig = 1;
733 }
734 db_multi_exec(
735 "REPLACE INTO config(name,value) VALUES(%Q,%Q)",
736 zName, blob_str(&content)
737 );
738 }else{
@@ -739,10 +735,14 @@
739 /* Notice that we are evaluating arbitrary SQL received from the
740 ** client. But this can only happen if the client has authenticated
741 ** as an administrator, so presumably we trust the client at this
742 ** point.
743 */
 
 
 
 
744 db_multi_exec("%s", blob_str(&content));
745 }
746 blob_reset(&content);
747 blob_seek(xfer.pIn, 1, BLOB_SEEK_CUR);
748 }else
749
--- src/xfer.c
+++ src/xfer.c
@@ -725,14 +725,10 @@
725 @ error not\sauthorized\sto\spush\sconfiguration
726 nErr++;
727 break;
728 }
729 if( zName[0]!='@' ){
 
 
 
 
730 db_multi_exec(
731 "REPLACE INTO config(name,value) VALUES(%Q,%Q)",
732 zName, blob_str(&content)
733 );
734 }else{
@@ -739,10 +735,14 @@
735 /* Notice that we are evaluating arbitrary SQL received from the
736 ** client. But this can only happen if the client has authenticated
737 ** as an administrator, so presumably we trust the client at this
738 ** point.
739 */
740 if( !recvConfig ){
741 configure_prepare_to_receive(0);
742 recvConfig = 1;
743 }
744 db_multi_exec("%s", blob_str(&content));
745 }
746 blob_reset(&content);
747 blob_seek(xfer.pIn, 1, BLOB_SEEK_CUR);
748 }else
749
