Fossil SCM
Adds the obscure() shell function, exposing an internal mechanism without which you cannot programmatically set the user's sync password or HTTP auth creds. The existing mechanisms assume you can type into the console. Effectively, this gives us "fossil user pass" equivalents for these other password-like values.
Commit
2b5b7181a8a4d361b6bfffb8bd1c5bd596ab4a9134ca87587f2feb4bff5a3e41
Parent
db90281cb336ec3…
1 file changed
+37
M
src/db.c
+37
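--- a/src/db.c
+++ b/src/db.c
@@ -1022,10 +1022,45 @@
 return;
 }
 decode16(zIn, zOut, nIn);
 sqlite3_result_blob(context, zOut, nIn/2, sqlite3_free);
 }
+
+/*
+** Return the XOR-obscured version of the input text. Useful for
+** updating authentication strings in Fossil settings. To change
+** the password locally stored for sync, for instance:
+**
+** echo "UPDATE config
+** SET value = obscure('monkey123')
+** WHERE name = 'last-sync-pw'" |
+** fossil sql
+**
+** Note that user.pw uses a different obscuration algorithm, but
+** you don't need to use 'fossil sql' for that anyway. Just call
+**
+** fossil user pass monkey123
+**
+** to change the local user entry's password in the same way.
+*/
+void db_obscure(
+ sqlite3_context *context,
+ int argc,
+ sqlite3_value **argv
+){
+ const unsigned char *zIn = sqlite3_value_text(argv[0]);
+ int nIn = sqlite3_value_bytes(argv[0]);
+ char *zOut, *zTemp;
+ if( 0==zIn ) return;
+ if( 0==(zOut = sqlite3_malloc64( nIn * 2 + 3 )) ){
+ sqlite3_result_error_nomem(context);
+ return;
+ }
+ strcpy(zOut, zTemp = obscure((char*)zIn));
+ fossil_free(zTemp);
+ sqlite3_result_text(context, zOut, strlen(zOut), sqlite3_free);
+}
 
 /*
 ** Register the SQL functions that are useful both to the internal
 ** representation and to the "fossil sql" command.
 */
@@ -1050,10 +1085,12 @@
 capability_fullcap, 0, 0);
 sqlite3_create_function(db, "find_emailaddr", 1, SQLITE_UTF8, 0,
 alert_find_emailaddr_func, 0, 0);
 sqlite3_create_function(db, "display_name", 1, SQLITE_UTF8, 0,
 alert_display_name_func, 0, 0);
+sqlite3_create_function(db, "obscure", 1, SQLITE_UTF8, 0,
+db_obscure, 0, 0);
 }
 
 #if USE_SEE
 /*
 ** This is a pointer to the saved database encryption key string.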
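Review bot: In db_obscure() the output buffer is sized as `nIn * 2 + 3` and then filled by an unbounded `strcpy()` from whatever obscure() returns, so the write stays in bounds only while obscure()'s output length matches that formula exactly; obscure() is not shown on this page, so that coupling is an assumption to confirm. The intermediate buffer can be dropped by handing the result to SQLite as a transient string: `zTemp = obscure((char*)zIn);` `sqlite3_result_text(context, zTemp, -1, SQLITE_TRANSIENT);` `fossil_free(zTemp);`. This also removes the `int` multiplication on `nIn` and leaves allocation failure handling to SQLite. Separately, the header comment should say that the XOR obscuring is a reversible encoding, not encryption, and that the example places the clear-text password on a shell command line, where it can end up in shell history.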