Fossil SCM

Do not accept the SHA1 password hash as a legitimate password on the login screen.

drh 2013-03-14 21:14 trunk
Commit 2bb8a7a8fcfa26c5dd48c2428fdc33e04801758b
1 file changed +2 -2
+2 -2
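--- a/src/login.c
+++ b/src/login.c
@@ -216,12 +216,12 @@
 db_int(0,
 "SELECT uid FROM user"
 " WHERE login=%Q"
 " AND length(cap)>0 AND length(pw)>0"
 " AND login NOT IN ('anonymous','nobody','developer','reader')"
- " AND (pw=%Q OR pw=%Q)",
- zUsername, zPasswd, zSha1Pw
+ " AND (pw=%Q OR (length(pw)<>40 AND pw=%Q))",
+ zUsername, zSha1Pw, zPasswd
 );
 free(zSha1Pw);
 return uid;
 }
 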
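Review bot: The `length(pw)<>40` test on new line 221 is the only thing that separates a stored SHA1 hash from a legacy cleartext password, and nothing in the hunk documents that. A comment above the query would make it explicit, e.g. `/* pw holds either a 40-char SHA1 hex digest or legacy cleartext; a direct match on zPasswd is allowed only when pw cannot be a digest */`. The comment should also record the side effect that a legacy cleartext password of exactly 40 characters matches neither branch, so such an account presumably cannot log in until its pw is rewritten as a hash. The argument order on line 222 (`zSha1Pw, zPasswd`) now depends on the operand order inside the format string, so the two lines must always be edited together. The enclosing function begins above the hunk, so how zSha1Pw is derived is not visible here.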
--- src/login.c
+++ src/login.c
@@ -216,12 +216,12 @@
216 db_int(0,
217 "SELECT uid FROM user"
218 " WHERE login=%Q"
219 " AND length(cap)>0 AND length(pw)>0"
220 " AND login NOT IN ('anonymous','nobody','developer','reader')"
221 " AND (pw=%Q OR pw=%Q)",
222 zUsername, zPasswd, zSha1Pw
223 );
224 free(zSha1Pw);
225 return uid;
226 }
227
228
--- src/login.c
+++ src/login.c
@@ -216,12 +216,12 @@
216 db_int(0,
217 "SELECT uid FROM user"
218 " WHERE login=%Q"
219 " AND length(cap)>0 AND length(pw)>0"
220 " AND login NOT IN ('anonymous','nobody','developer','reader')"
221 " AND (pw=%Q OR (length(pw)<>40 AND pw=%Q))",
222 zUsername, zSha1Pw, zPasswd
223 );
224 free(zSha1Pw);
225 return uid;
226 }
227
228
