Fossil SCM
Fix login groups.
Commit
6f29649ef376afaa78e156453382827969540a03
Parent
a0fa120b747c1bf…
1 file changed
+29
-27
+29
-27
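--- a/src/login.c
+++ b/src/login.c
@@ -453,10 +453,37 @@
 @ </table>
 @ </form>
 }
 style_footer();
 }
+
+/*
+** SQL function for constant time comparison of two values.
+** Sets result to 0 if two values are equal.
+*/
+static void constant_time_eq_function(
+ sqlite3_context *context,
+ int argc,
+ sqlite3_value **argv
+){
+ const unsigned char *buf1, *buf2;
+ int len, i;
+ unsigned char rc = 0;
+
+ assert( argc==2 );
+ len = sqlite3_value_bytes(argv[0]);
+ if( len==0 || len!=sqlite3_value_bytes(argv[1]) ){
+ rc = 1;
+ }else{
+ buf1 = sqlite3_value_text(argv[0]);
+ buf2 = sqlite3_value_text(argv[1]);
+ for( i=0; i<len; i++ ){
+ rc = rc | (buf1[i] ^ buf2[i]);
+ }
+ }
+ sqlite3_result_int(context, rc);
+}
 
 /*
 ** Attempt to find login credentials for user zLogin on a peer repository
 ** with project code zCode. Transfer those credentials to the local
 ** repository.
@@ -483,10 +510,12 @@
 if( zOtherRepo==0 ) return 0; /* No such peer repository */
 
 rc = sqlite3_open(zOtherRepo, &pOther);
 if( rc==SQLITE_OK ){
 sqlite3_create_function(pOther,"now",0,SQLITE_ANY,0,db_now_function,0,0);
+ sqlite3_create_function(g.db, "constant_time_eq", 2, SQLITE_UTF8, 0,
+ constant_time_eq_function, 0, 0);
 sqlite3_busy_timeout(pOther, 5000);
 zSQL = mprintf(
 "SELECT cexpire FROM user"
 " WHERE login=%Q"
 " AND ipaddr=%Q"
@@ -539,37 +568,10 @@
 zLogin, zRemoteAddr, zCookie
 );
 return uid;
 }
 
-/*
-** SQL function for constant time comparison of two values.
-** Sets result to 0 if two values are equal.
-*/
-static void constant_time_eq_function(
- sqlite3_context *context,
- int argc,
- sqlite3_value **argv
-){
- const unsigned char *buf1, *buf2;
- int len, i;
- unsigned char rc = 0;
-
- assert( argc==2 );
- len = sqlite3_value_bytes(argv[0]);
- if( len==0 || len!=sqlite3_value_bytes(argv[1]) ){
- rc = 1;
- }else{
- buf1 = sqlite3_value_text(argv[0]);
- buf2 = sqlite3_value_text(argv[1]);
- for( i=0; i<len; i++ ){
- rc = rc | (buf1[i] ^ buf2[i]);
- }
- }
- sqlite3_result_int(context, rc);
-}
-
 /*
 ** This routine examines the login cookie to see if it exists and
 ** and is valid. If the login cookie checks out, it then sets
 ** global variables appropriately. Global variables set include
 ** g.userUid and g.zLogin and of the g.perm.Read family of permission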
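Review bot: In the second hunk the new `constant_time_eq` registration targets `g.db`, while the line above it registers `now` on `pOther` and the statement built right after is a lookup against the peer repository's `user` table. If that peer query calls `constant_time_eq` (its tail and the prepare call are outside the hunk, so this is inferred), the function is unknown on the `pOther` connection and the prepare fails, so the peer cookie check can never match. The registration should read `sqlite3_create_function(pOther, "constant_time_eq", 2, SQLITE_UTF8, 0, constant_time_eq_function, 0, 0);`. The return code of the registration is also ignored, so a failure would surface only as a later prepare error. The enclosing function starts and ends outside the hunk.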
| --- src/login.c | |
| +++ src/login.c | |
| @@ -453,10 +453,37 @@ | |
| 453 | @ </table> |
| 454 | @ </form> |
| 455 | } |
| 456 | style_footer(); |
| 457 | } |
| 458 | |
| 459 | /* |
| 460 | ** Attempt to find login credentials for user zLogin on a peer repository |
| 461 | ** with project code zCode. Transfer those credentials to the local |
| 462 | ** repository. |
| @@ -483,10 +510,12 @@ | |
| 483 | if( zOtherRepo==0 ) return 0; /* No such peer repository */ |
| 484 | |
| 485 | rc = sqlite3_open(zOtherRepo, &pOther); |
| 486 | if( rc==SQLITE_OK ){ |
| 487 | sqlite3_create_function(pOther,"now",0,SQLITE_ANY,0,db_now_function,0,0); |
| 488 | sqlite3_busy_timeout(pOther, 5000); |
| 489 | zSQL = mprintf( |
| 490 | "SELECT cexpire FROM user" |
| 491 | " WHERE login=%Q" |
| 492 | " AND ipaddr=%Q" |
| @@ -539,37 +568,10 @@ | |
| 539 | zLogin, zRemoteAddr, zCookie |
| 540 | ); |
| 541 | return uid; |
| 542 | } |
| 543 | |
| 544 | /* |
| 545 | ** SQL function for constant time comparison of two values. |
| 546 | ** Sets result to 0 if two values are equal. |
| 547 | */ |
| 548 | static void constant_time_eq_function( |
| 549 | sqlite3_context *context, |
| 550 | int argc, |
| 551 | sqlite3_value **argv |
| 552 | ){ |
| 553 | const unsigned char *buf1, *buf2; |
| 554 | int len, i; |
| 555 | unsigned char rc = 0; |
| 556 | |
| 557 | assert( argc==2 ); |
| 558 | len = sqlite3_value_bytes(argv[0]); |
| 559 | if( len==0 || len!=sqlite3_value_bytes(argv[1]) ){ |
| 560 | rc = 1; |
| 561 | }else{ |
| 562 | buf1 = sqlite3_value_text(argv[0]); |
| 563 | buf2 = sqlite3_value_text(argv[1]); |
| 564 | for( i=0; i<len; i++ ){ |
| 565 | rc = rc | (buf1[i] ^ buf2[i]); |
| 566 | } |
| 567 | } |
| 568 | sqlite3_result_int(context, rc); |
| 569 | } |
| 570 | |
| 571 | /* |
| 572 | ** This routine examines the login cookie to see if it exists and |
| 573 | ** and is valid. If the login cookie checks out, it then sets |
| 574 | ** global variables appropriately. Global variables set include |
| 575 | ** g.userUid and g.zLogin and of the g.perm.Read family of permission |
| 576 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -453,10 +453,37 @@ | |
| 453 | @ </table> |
| 454 | @ </form> |
| 455 | } |
| 456 | style_footer(); |
| 457 | } |
| 458 | |
| 459 | /* |
| 460 | ** SQL function for constant time comparison of two values. |
| 461 | ** Sets result to 0 if two values are equal. |
| 462 | */ |
| 463 | static void constant_time_eq_function( |
| 464 | sqlite3_context *context, |
| 465 | int argc, |
| 466 | sqlite3_value **argv |
| 467 | ){ |
| 468 | const unsigned char *buf1, *buf2; |
| 469 | int len, i; |
| 470 | unsigned char rc = 0; |
| 471 | |
| 472 | assert( argc==2 ); |
| 473 | len = sqlite3_value_bytes(argv[0]); |
| 474 | if( len==0 || len!=sqlite3_value_bytes(argv[1]) ){ |
| 475 | rc = 1; |
| 476 | }else{ |
| 477 | buf1 = sqlite3_value_text(argv[0]); |
| 478 | buf2 = sqlite3_value_text(argv[1]); |
| 479 | for( i=0; i<len; i++ ){ |
| 480 | rc = rc | (buf1[i] ^ buf2[i]); |
| 481 | } |
| 482 | } |
| 483 | sqlite3_result_int(context, rc); |
| 484 | } |
| 485 | |
| 486 | /* |
| 487 | ** Attempt to find login credentials for user zLogin on a peer repository |
| 488 | ** with project code zCode. Transfer those credentials to the local |
| 489 | ** repository. |
| @@ -483,10 +510,12 @@ | |
| 510 | if( zOtherRepo==0 ) return 0; /* No such peer repository */ |
| 511 | |
| 512 | rc = sqlite3_open(zOtherRepo, &pOther); |
| 513 | if( rc==SQLITE_OK ){ |
| 514 | sqlite3_create_function(pOther,"now",0,SQLITE_ANY,0,db_now_function,0,0); |
| 515 | sqlite3_create_function(g.db, "constant_time_eq", 2, SQLITE_UTF8, 0, |
| 516 | constant_time_eq_function, 0, 0); |
| 517 | sqlite3_busy_timeout(pOther, 5000); |
| 518 | zSQL = mprintf( |
| 519 | "SELECT cexpire FROM user" |
| 520 | " WHERE login=%Q" |
| 521 | " AND ipaddr=%Q" |
| @@ -539,37 +568,10 @@ | |
| 568 | zLogin, zRemoteAddr, zCookie |
| 569 | ); |
| 570 | return uid; |
| 571 | } |
| 572 | |
| 573 | /* |
| 574 | ** This routine examines the login cookie to see if it exists and |
| 575 | ** and is valid. If the login cookie checks out, it then sets |
| 576 | ** global variables appropriately. Global variables set include |
| 577 | ** g.userUid and g.zLogin and of the g.perm.Read family of permission |
| 578 |