Fossil SCM
Transfer SHA1-encoded passwords on a "configure push|pull user" when the client has Admin privilege.
Commit
9c5322463b5b6608173f7e06f74393b9c4e093c6
Parent
596f3c10feba7eb…
1 file changed
+7
-4
+7
-4
| --- src/configure.c | ||
| +++ src/configure.c | ||
| @@ -167,18 +167,21 @@ | ||
| 167 | 167 | db_column_text(&q, 2) |
| 168 | 168 | ); |
| 169 | 169 | } |
| 170 | 170 | db_finalize(&q); |
| 171 | 171 | }else if( strcmp(zName, "@user")==0 ){ |
| 172 | - db_prepare(&q, "SELECT login, cap, info, quote(photo) FROM user"); | |
| 172 | + db_prepare(&q, | |
| 173 | + "SELECT login, CASE WHEN length(pw)==40 THEN pw END," | |
| 174 | + " cap, info, quote(photo) FROM user"); | |
| 173 | 175 | while( db_step(&q)==SQLITE_ROW ){ |
| 174 | - blob_appendf(pOut, "INSERT INTO _xfer_user(login,cap,info,photo)" | |
| 175 | - " VALUES(%Q,%Q,%Q,%s);\n", | |
| 176 | + blob_appendf(pOut, "INSERT INTO _xfer_user(login,pw,cap,info,photo)" | |
| 177 | + " VALUES(%Q,%Q,%Q,%Q,%s);\n", | |
| 176 | 178 | db_column_text(&q, 0), |
| 177 | 179 | db_column_text(&q, 1), |
| 178 | 180 | db_column_text(&q, 2), |
| 179 | - db_column_text(&q, 3) | |
| 181 | + db_column_text(&q, 3), | |
| 182 | + db_column_text(&q, 4) | |
| 180 | 183 | ); |
| 181 | 184 | } |
| 182 | 185 | db_finalize(&q); |
| 183 | 186 | }else if( strcmp(zName, "@concealed")==0 ){ |
| 184 | 187 | db_prepare(&q, "SELECT hash, content FROM concealed"); |
| 185 | 188 |
| --- src/configure.c | |
| +++ src/configure.c | |
| @@ -167,18 +167,21 @@ | |
| 167 | db_column_text(&q, 2) |
| 168 | ); |
| 169 | } |
| 170 | db_finalize(&q); |
| 171 | }else if( strcmp(zName, "@user")==0 ){ |
| 172 | db_prepare(&q, "SELECT login, cap, info, quote(photo) FROM user"); |
| 173 | while( db_step(&q)==SQLITE_ROW ){ |
| 174 | blob_appendf(pOut, "INSERT INTO _xfer_user(login,cap,info,photo)" |
| 175 | " VALUES(%Q,%Q,%Q,%s);\n", |
| 176 | db_column_text(&q, 0), |
| 177 | db_column_text(&q, 1), |
| 178 | db_column_text(&q, 2), |
| 179 | db_column_text(&q, 3) |
| 180 | ); |
| 181 | } |
| 182 | db_finalize(&q); |
| 183 | }else if( strcmp(zName, "@concealed")==0 ){ |
| 184 | db_prepare(&q, "SELECT hash, content FROM concealed"); |
| 185 |
| --- src/configure.c | |
| +++ src/configure.c | |
| @@ -167,18 +167,21 @@ | |
| 167 | db_column_text(&q, 2) |
| 168 | ); |
| 169 | } |
| 170 | db_finalize(&q); |
| 171 | }else if( strcmp(zName, "@user")==0 ){ |
| 172 | db_prepare(&q, |
| 173 | "SELECT login, CASE WHEN length(pw)==40 THEN pw END," |
| 174 | " cap, info, quote(photo) FROM user"); |
| 175 | while( db_step(&q)==SQLITE_ROW ){ |
| 176 | blob_appendf(pOut, "INSERT INTO _xfer_user(login,pw,cap,info,photo)" |
| 177 | " VALUES(%Q,%Q,%Q,%Q,%s);\n", |
| 178 | db_column_text(&q, 0), |
| 179 | db_column_text(&q, 1), |
| 180 | db_column_text(&q, 2), |
| 181 | db_column_text(&q, 3), |
| 182 | db_column_text(&q, 4) |
| 183 | ); |
| 184 | } |
| 185 | db_finalize(&q); |
| 186 | }else if( strcmp(zName, "@concealed")==0 ){ |
| 187 | db_prepare(&q, "SELECT hash, content FROM concealed"); |
| 188 |