Fossil SCM
Do not do automatic login for "fossil server" and "fossil http" and "fossil cgi" unless the --localauth option is used. Continue to do automatic login for 127.0.0.1 connections for "fossil ui", though. Ticket [573727d6d93badc]
Commit
f7a3c6deefc5b6944555f82d4a93acbe85938c26
Parent
60f09863327dadb…
4 files changed
+1
+23
-1
+21
-7
+12
-10
+1
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -368,10 +368,11 @@ | ||
| 368 | 368 | ** then there is no need to check user credentials. |
| 369 | 369 | ** |
| 370 | 370 | */ |
| 371 | 371 | zRemoteAddr = PD("REMOTE_ADDR","nil"); |
| 372 | 372 | if( strcmp(zRemoteAddr, "127.0.0.1")==0 |
| 373 | + && g.useLocalauth | |
| 373 | 374 | && db_get_int("localauth",0)==0 |
| 374 | 375 | && P("HTTPS")==0 |
| 375 | 376 | ){ |
| 376 | 377 | uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'"); |
| 377 | 378 | g.zLogin = db_text("?", "SELECT login FROM user WHERE uid=%d", uid); |
| 378 | 379 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -368,10 +368,11 @@ | |
| 368 | ** then there is no need to check user credentials. |
| 369 | ** |
| 370 | */ |
| 371 | zRemoteAddr = PD("REMOTE_ADDR","nil"); |
| 372 | if( strcmp(zRemoteAddr, "127.0.0.1")==0 |
| 373 | && db_get_int("localauth",0)==0 |
| 374 | && P("HTTPS")==0 |
| 375 | ){ |
| 376 | uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'"); |
| 377 | g.zLogin = db_text("?", "SELECT login FROM user WHERE uid=%d", uid); |
| 378 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -368,10 +368,11 @@ | |
| 368 | ** then there is no need to check user credentials. |
| 369 | ** |
| 370 | */ |
| 371 | zRemoteAddr = PD("REMOTE_ADDR","nil"); |
| 372 | if( strcmp(zRemoteAddr, "127.0.0.1")==0 |
| 373 | && g.useLocalauth |
| 374 | && db_get_int("localauth",0)==0 |
| 375 | && P("HTTPS")==0 |
| 376 | ){ |
| 377 | uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'"); |
| 378 | g.zLogin = db_text("?", "SELECT login FROM user WHERE uid=%d", uid); |
| 379 |
+23
-1
| --- src/main.c | ||
| +++ src/main.c | ||
| @@ -102,10 +102,11 @@ | ||
| 102 | 102 | char *urlProxyAuth; /* Proxy-Authorizer: string */ |
| 103 | 103 | char *urlFossil; /* The path of the ?fossil=path suffix on ssh: */ |
| 104 | 104 | int dontKeepUrl; /* Do not persist the URL */ |
| 105 | 105 | |
| 106 | 106 | const char *zLogin; /* Login name. "" if not logged in. */ |
| 107 | + int useLocalauth; /* No login required if from 127.0.0.1 */ | |
| 107 | 108 | int noPswd; /* Logged in without password (on 127.0.0.1) */ |
| 108 | 109 | int userUid; /* Integer user id */ |
| 109 | 110 | |
| 110 | 111 | /* Information used to populate the RCVFROM table */ |
| 111 | 112 | int rcvid; /* The rcvid. 0 if not yet defined. */ |
| @@ -1046,10 +1047,14 @@ | ||
| 1046 | 1047 | if( blob_eq(&key, "notfound:") && blob_token(&line, &value) ){ |
| 1047 | 1048 | zNotFound = mprintf("%s", blob_str(&value)); |
| 1048 | 1049 | blob_reset(&value); |
| 1049 | 1050 | continue; |
| 1050 | 1051 | } |
| 1052 | + if( blob_eq(&key, "localauth") ){ | |
| 1053 | + g.useLocalauth = 1; | |
| 1054 | + continue; | |
| 1055 | + } | |
| 1051 | 1056 | } |
| 1052 | 1057 | blob_reset(&config); |
| 1053 | 1058 | if( g.db==0 && g.zRepositoryName==0 ){ |
| 1054 | 1059 | cgi_panic("Unable to find or open the project repository"); |
| 1055 | 1060 | } |
| @@ -1109,16 +1114,23 @@ | ||
| 1109 | 1114 | ** then the server redirects (HTTP code 302) to the URL of --notfound. |
| 1110 | 1115 | ** |
| 1111 | 1116 | ** The --host option can be used to specify the hostname for the server. |
| 1112 | 1117 | ** The --https option indicates that the request came from HTTPS rather |
| 1113 | 1118 | ** than HTTP. |
| 1119 | +** | |
| 1120 | +** Other options: | |
| 1121 | +** | |
| 1122 | +** --localauth Password signin is not required if this is true and | |
| 1123 | +** the input comes from 127.0.0.1 and the "localauth" | |
| 1124 | +** setting is not disabled. | |
| 1114 | 1125 | */ |
| 1115 | 1126 | void cmd_http(void){ |
| 1116 | 1127 | const char *zIpAddr; |
| 1117 | 1128 | const char *zNotFound; |
| 1118 | 1129 | const char *zHost; |
| 1119 | 1130 | zNotFound = find_option("notfound", 0, 1); |
| 1131 | + g.useLocalauth = find_option("localauth", 0, 0)!=0; | |
| 1120 | 1132 | if( find_option("https",0,0)!=0 ) cgi_replace_parameter("HTTPS","on"); |
| 1121 | 1133 | zHost = find_option("host", 0, 1); |
| 1122 | 1134 | if( zHost ) cgi_replace_parameter("HTTP_HOST",zHost); |
| 1123 | 1135 | g.cgiOutput = 1; |
| 1124 | 1136 | if( g.argc!=2 && g.argc!=3 && g.argc!=6 ){ |
| @@ -1201,10 +1213,16 @@ | ||
| 1201 | 1213 | ** |
| 1202 | 1214 | ** In the "server" command, the REPOSITORY can be a directory (aka folder) |
| 1203 | 1215 | ** that contains one or more respositories with names ending in ".fossil". |
| 1204 | 1216 | ** In that case, the first element of the URL is used to select among the |
| 1205 | 1217 | ** various repositories. |
| 1218 | +** | |
| 1219 | +** By default, the "ui" command provides full administrative access without | |
| 1220 | +** having to log in. This can be disabled by setting turning off the | |
| 1221 | +** "localauth" setting. Automatic login for the "server" command is available | |
| 1222 | +** if the --localauth option is present and the "localauth" setting is off | |
| 1223 | +** and the connection is from localhost. | |
| 1206 | 1224 | */ |
| 1207 | 1225 | void cmd_webserver(void){ |
| 1208 | 1226 | int iPort, mxPort; /* Range of TCP ports allowed */ |
| 1209 | 1227 | const char *zPort; /* Value of the --port option */ |
| 1210 | 1228 | char *zBrowser; /* Name of web browser program */ |
| @@ -1217,18 +1235,22 @@ | ||
| 1217 | 1235 | const char *zStopperFile; /* Name of file used to terminate server */ |
| 1218 | 1236 | zStopperFile = find_option("stopper", 0, 1); |
| 1219 | 1237 | #endif |
| 1220 | 1238 | |
| 1221 | 1239 | g.thTrace = find_option("th-trace", 0, 0)!=0; |
| 1240 | + g.useLocalauth = find_option("localauth", 0, 0)!=0; | |
| 1222 | 1241 | if( g.thTrace ){ |
| 1223 | 1242 | blob_zero(&g.thLog); |
| 1224 | 1243 | } |
| 1225 | 1244 | zPort = find_option("port", "P", 1); |
| 1226 | 1245 | zNotFound = find_option("notfound", 0, 1); |
| 1227 | 1246 | if( g.argc!=2 && g.argc!=3 ) usage("?REPOSITORY?"); |
| 1228 | 1247 | isUiCmd = g.argv[1][0]=='u'; |
| 1229 | - if( isUiCmd ) flags |= HTTP_SERVER_LOCALHOST; | |
| 1248 | + if( isUiCmd ){ | |
| 1249 | + flags |= HTTP_SERVER_LOCALHOST; | |
| 1250 | + g.useLocalauth = 1; | |
| 1251 | + } | |
| 1230 | 1252 | find_server_repository(isUiCmd); |
| 1231 | 1253 | if( zPort ){ |
| 1232 | 1254 | iPort = mxPort = atoi(zPort); |
| 1233 | 1255 | }else{ |
| 1234 | 1256 | iPort = db_get_int("http-port", 8080); |
| 1235 | 1257 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -102,10 +102,11 @@ | |
| 102 | char *urlProxyAuth; /* Proxy-Authorizer: string */ |
| 103 | char *urlFossil; /* The path of the ?fossil=path suffix on ssh: */ |
| 104 | int dontKeepUrl; /* Do not persist the URL */ |
| 105 | |
| 106 | const char *zLogin; /* Login name. "" if not logged in. */ |
| 107 | int noPswd; /* Logged in without password (on 127.0.0.1) */ |
| 108 | int userUid; /* Integer user id */ |
| 109 | |
| 110 | /* Information used to populate the RCVFROM table */ |
| 111 | int rcvid; /* The rcvid. 0 if not yet defined. */ |
| @@ -1046,10 +1047,14 @@ | |
| 1046 | if( blob_eq(&key, "notfound:") && blob_token(&line, &value) ){ |
| 1047 | zNotFound = mprintf("%s", blob_str(&value)); |
| 1048 | blob_reset(&value); |
| 1049 | continue; |
| 1050 | } |
| 1051 | } |
| 1052 | blob_reset(&config); |
| 1053 | if( g.db==0 && g.zRepositoryName==0 ){ |
| 1054 | cgi_panic("Unable to find or open the project repository"); |
| 1055 | } |
| @@ -1109,16 +1114,23 @@ | |
| 1109 | ** then the server redirects (HTTP code 302) to the URL of --notfound. |
| 1110 | ** |
| 1111 | ** The --host option can be used to specify the hostname for the server. |
| 1112 | ** The --https option indicates that the request came from HTTPS rather |
| 1113 | ** than HTTP. |
| 1114 | */ |
| 1115 | void cmd_http(void){ |
| 1116 | const char *zIpAddr; |
| 1117 | const char *zNotFound; |
| 1118 | const char *zHost; |
| 1119 | zNotFound = find_option("notfound", 0, 1); |
| 1120 | if( find_option("https",0,0)!=0 ) cgi_replace_parameter("HTTPS","on"); |
| 1121 | zHost = find_option("host", 0, 1); |
| 1122 | if( zHost ) cgi_replace_parameter("HTTP_HOST",zHost); |
| 1123 | g.cgiOutput = 1; |
| 1124 | if( g.argc!=2 && g.argc!=3 && g.argc!=6 ){ |
| @@ -1201,10 +1213,16 @@ | |
| 1201 | ** |
| 1202 | ** In the "server" command, the REPOSITORY can be a directory (aka folder) |
| 1203 | ** that contains one or more respositories with names ending in ".fossil". |
| 1204 | ** In that case, the first element of the URL is used to select among the |
| 1205 | ** various repositories. |
| 1206 | */ |
| 1207 | void cmd_webserver(void){ |
| 1208 | int iPort, mxPort; /* Range of TCP ports allowed */ |
| 1209 | const char *zPort; /* Value of the --port option */ |
| 1210 | char *zBrowser; /* Name of web browser program */ |
| @@ -1217,18 +1235,22 @@ | |
| 1217 | const char *zStopperFile; /* Name of file used to terminate server */ |
| 1218 | zStopperFile = find_option("stopper", 0, 1); |
| 1219 | #endif |
| 1220 | |
| 1221 | g.thTrace = find_option("th-trace", 0, 0)!=0; |
| 1222 | if( g.thTrace ){ |
| 1223 | blob_zero(&g.thLog); |
| 1224 | } |
| 1225 | zPort = find_option("port", "P", 1); |
| 1226 | zNotFound = find_option("notfound", 0, 1); |
| 1227 | if( g.argc!=2 && g.argc!=3 ) usage("?REPOSITORY?"); |
| 1228 | isUiCmd = g.argv[1][0]=='u'; |
| 1229 | if( isUiCmd ) flags |= HTTP_SERVER_LOCALHOST; |
| 1230 | find_server_repository(isUiCmd); |
| 1231 | if( zPort ){ |
| 1232 | iPort = mxPort = atoi(zPort); |
| 1233 | }else{ |
| 1234 | iPort = db_get_int("http-port", 8080); |
| 1235 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -102,10 +102,11 @@ | |
| 102 | char *urlProxyAuth; /* Proxy-Authorizer: string */ |
| 103 | char *urlFossil; /* The path of the ?fossil=path suffix on ssh: */ |
| 104 | int dontKeepUrl; /* Do not persist the URL */ |
| 105 | |
| 106 | const char *zLogin; /* Login name. "" if not logged in. */ |
| 107 | int useLocalauth; /* No login required if from 127.0.0.1 */ |
| 108 | int noPswd; /* Logged in without password (on 127.0.0.1) */ |
| 109 | int userUid; /* Integer user id */ |
| 110 | |
| 111 | /* Information used to populate the RCVFROM table */ |
| 112 | int rcvid; /* The rcvid. 0 if not yet defined. */ |
| @@ -1046,10 +1047,14 @@ | |
| 1047 | if( blob_eq(&key, "notfound:") && blob_token(&line, &value) ){ |
| 1048 | zNotFound = mprintf("%s", blob_str(&value)); |
| 1049 | blob_reset(&value); |
| 1050 | continue; |
| 1051 | } |
| 1052 | if( blob_eq(&key, "localauth") ){ |
| 1053 | g.useLocalauth = 1; |
| 1054 | continue; |
| 1055 | } |
| 1056 | } |
| 1057 | blob_reset(&config); |
| 1058 | if( g.db==0 && g.zRepositoryName==0 ){ |
| 1059 | cgi_panic("Unable to find or open the project repository"); |
| 1060 | } |
| @@ -1109,16 +1114,23 @@ | |
| 1114 | ** then the server redirects (HTTP code 302) to the URL of --notfound. |
| 1115 | ** |
| 1116 | ** The --host option can be used to specify the hostname for the server. |
| 1117 | ** The --https option indicates that the request came from HTTPS rather |
| 1118 | ** than HTTP. |
| 1119 | ** |
| 1120 | ** Other options: |
| 1121 | ** |
| 1122 | ** --localauth Password signin is not required if this is true and |
| 1123 | ** the input comes from 127.0.0.1 and the "localauth" |
| 1124 | ** setting is not disabled. |
| 1125 | */ |
| 1126 | void cmd_http(void){ |
| 1127 | const char *zIpAddr; |
| 1128 | const char *zNotFound; |
| 1129 | const char *zHost; |
| 1130 | zNotFound = find_option("notfound", 0, 1); |
| 1131 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 1132 | if( find_option("https",0,0)!=0 ) cgi_replace_parameter("HTTPS","on"); |
| 1133 | zHost = find_option("host", 0, 1); |
| 1134 | if( zHost ) cgi_replace_parameter("HTTP_HOST",zHost); |
| 1135 | g.cgiOutput = 1; |
| 1136 | if( g.argc!=2 && g.argc!=3 && g.argc!=6 ){ |
| @@ -1201,10 +1213,16 @@ | |
| 1213 | ** |
| 1214 | ** In the "server" command, the REPOSITORY can be a directory (aka folder) |
| 1215 | ** that contains one or more respositories with names ending in ".fossil". |
| 1216 | ** In that case, the first element of the URL is used to select among the |
| 1217 | ** various repositories. |
| 1218 | ** |
| 1219 | ** By default, the "ui" command provides full administrative access without |
| 1220 | ** having to log in. This can be disabled by setting turning off the |
| 1221 | ** "localauth" setting. Automatic login for the "server" command is available |
| 1222 | ** if the --localauth option is present and the "localauth" setting is off |
| 1223 | ** and the connection is from localhost. |
| 1224 | */ |
| 1225 | void cmd_webserver(void){ |
| 1226 | int iPort, mxPort; /* Range of TCP ports allowed */ |
| 1227 | const char *zPort; /* Value of the --port option */ |
| 1228 | char *zBrowser; /* Name of web browser program */ |
| @@ -1217,18 +1235,22 @@ | |
| 1235 | const char *zStopperFile; /* Name of file used to terminate server */ |
| 1236 | zStopperFile = find_option("stopper", 0, 1); |
| 1237 | #endif |
| 1238 | |
| 1239 | g.thTrace = find_option("th-trace", 0, 0)!=0; |
| 1240 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 1241 | if( g.thTrace ){ |
| 1242 | blob_zero(&g.thLog); |
| 1243 | } |
| 1244 | zPort = find_option("port", "P", 1); |
| 1245 | zNotFound = find_option("notfound", 0, 1); |
| 1246 | if( g.argc!=2 && g.argc!=3 ) usage("?REPOSITORY?"); |
| 1247 | isUiCmd = g.argv[1][0]=='u'; |
| 1248 | if( isUiCmd ){ |
| 1249 | flags |= HTTP_SERVER_LOCALHOST; |
| 1250 | g.useLocalauth = 1; |
| 1251 | } |
| 1252 | find_server_repository(isUiCmd); |
| 1253 | if( zPort ){ |
| 1254 | iPort = mxPort = atoi(zPort); |
| 1255 | }else{ |
| 1256 | iPort = db_get_int("http-port", 8080); |
| 1257 |
+21
-7
| --- src/setup.c | ||
| +++ src/setup.c | ||
| @@ -763,17 +763,31 @@ | ||
| 763 | 763 | @ <form action="%s(g.zTop)/setup_access" method="post"><div> |
| 764 | 764 | login_insert_csrf_secret(); |
| 765 | 765 | @ <hr /> |
| 766 | 766 | onoff_attribute("Require password for local access", |
| 767 | 767 | "localauth", "localauth", 0); |
| 768 | - @ <p>When enabled, the password sign-in is required for | |
| 769 | - @ web access coming from 127.0.0.1. When disabled, web access | |
| 770 | - @ from 127.0.0.1 is allows without any login - the user id is selected | |
| 771 | - @ from the ~/.fossil database. Password login is always required | |
| 772 | - @ for incoming web connections on internet addresses other than | |
| 773 | - @ 127.0.0.1.</p> | |
| 774 | - | |
| 768 | + @ <p>When enabled, the password sign-in is always required for | |
| 769 | + @ web access. When disabled, unrestricted web access from 127.0.0.1 | |
| 770 | + @ is allowed for the <a href="%s(g.zTop)/help/ui">fossil ui</a> command or | |
| 771 | + @ from the <a href="%s(g.zTop)/help/server">fossil server</a>, | |
| 772 | + @ <a href="%s(g.zTop)/help/http">fossil http</a> commands when the | |
| 773 | + @ "--localauth" command line options is used, or from the | |
| 774 | + @ <a href="%s(g.zTop)/help/cgi">fossil cgi</a> if a line containing | |
| 775 | + @ the word "localauth" appears in the CGI script. | |
| 776 | + @ | |
| 777 | + @ <p>A password is always required if any one or more | |
| 778 | + @ of the following are true: | |
| 779 | + @ <ol> | |
| 780 | + @ <li> This button is checked | |
| 781 | + @ <li> The inbound TCP/IP connection is not from 127.0.0.1 | |
| 782 | + @ <li> The server is started using either of the | |
| 783 | + @ <a href="%s(g.zTop)/help/server">fossil server</a> or | |
| 784 | + @ <a href="%s(g.zTop)/help/server">fossil http</a> commands | |
| 785 | + @ without the "--localauth" option. | |
| 786 | + @ <li> The server is started from CGI without the "localauth" keyword | |
| 787 | + @ in the CGI script. | |
| 788 | + @ </ol> | |
| 775 | 789 | @ <hr /> |
| 776 | 790 | onoff_attribute("Allow REMOTE_USER authentication", |
| 777 | 791 | "remote_user_ok", "remote_user_ok", 0); |
| 778 | 792 | @ <p>When enabled, if the REMOTE_USER environment variable is set to the |
| 779 | 793 | @ login name of a valid user and no other login credentials are available, |
| 780 | 794 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -763,17 +763,31 @@ | |
| 763 | @ <form action="%s(g.zTop)/setup_access" method="post"><div> |
| 764 | login_insert_csrf_secret(); |
| 765 | @ <hr /> |
| 766 | onoff_attribute("Require password for local access", |
| 767 | "localauth", "localauth", 0); |
| 768 | @ <p>When enabled, the password sign-in is required for |
| 769 | @ web access coming from 127.0.0.1. When disabled, web access |
| 770 | @ from 127.0.0.1 is allows without any login - the user id is selected |
| 771 | @ from the ~/.fossil database. Password login is always required |
| 772 | @ for incoming web connections on internet addresses other than |
| 773 | @ 127.0.0.1.</p> |
| 774 | |
| 775 | @ <hr /> |
| 776 | onoff_attribute("Allow REMOTE_USER authentication", |
| 777 | "remote_user_ok", "remote_user_ok", 0); |
| 778 | @ <p>When enabled, if the REMOTE_USER environment variable is set to the |
| 779 | @ login name of a valid user and no other login credentials are available, |
| 780 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -763,17 +763,31 @@ | |
| 763 | @ <form action="%s(g.zTop)/setup_access" method="post"><div> |
| 764 | login_insert_csrf_secret(); |
| 765 | @ <hr /> |
| 766 | onoff_attribute("Require password for local access", |
| 767 | "localauth", "localauth", 0); |
| 768 | @ <p>When enabled, the password sign-in is always required for |
| 769 | @ web access. When disabled, unrestricted web access from 127.0.0.1 |
| 770 | @ is allowed for the <a href="%s(g.zTop)/help/ui">fossil ui</a> command or |
| 771 | @ from the <a href="%s(g.zTop)/help/server">fossil server</a>, |
| 772 | @ <a href="%s(g.zTop)/help/http">fossil http</a> commands when the |
| 773 | @ "--localauth" command line options is used, or from the |
| 774 | @ <a href="%s(g.zTop)/help/cgi">fossil cgi</a> if a line containing |
| 775 | @ the word "localauth" appears in the CGI script. |
| 776 | @ |
| 777 | @ <p>A password is always required if any one or more |
| 778 | @ of the following are true: |
| 779 | @ <ol> |
| 780 | @ <li> This button is checked |
| 781 | @ <li> The inbound TCP/IP connection is not from 127.0.0.1 |
| 782 | @ <li> The server is started using either of the |
| 783 | @ <a href="%s(g.zTop)/help/server">fossil server</a> or |
| 784 | @ <a href="%s(g.zTop)/help/server">fossil http</a> commands |
| 785 | @ without the "--localauth" option. |
| 786 | @ <li> The server is started from CGI without the "localauth" keyword |
| 787 | @ in the CGI script. |
| 788 | @ </ol> |
| 789 | @ <hr /> |
| 790 | onoff_attribute("Allow REMOTE_USER authentication", |
| 791 | "remote_user_ok", "remote_user_ok", 0); |
| 792 | @ <p>When enabled, if the REMOTE_USER environment variable is set to the |
| 793 | @ login name of a valid user and no other login credentials are available, |
| 794 |
+12
-10
| --- src/winhttp.c | ||
| +++ src/winhttp.c | ||
| @@ -28,14 +28,14 @@ | ||
| 28 | 28 | ** The HttpRequest structure holds information about each incoming |
| 29 | 29 | ** HTTP request. |
| 30 | 30 | */ |
| 31 | 31 | typedef struct HttpRequest HttpRequest; |
| 32 | 32 | struct HttpRequest { |
| 33 | - int id; /* ID counter */ | |
| 34 | - SOCKET s; /* Socket on which to receive data */ | |
| 35 | - SOCKADDR_IN addr; /* Address from which data is coming */ | |
| 36 | - const char *zNotFound; /* --notfound option, or an empty string */ | |
| 33 | + int id; /* ID counter */ | |
| 34 | + SOCKET s; /* Socket on which to receive data */ | |
| 35 | + SOCKADDR_IN addr; /* Address from which data is coming */ | |
| 36 | + const char *zOptions; /* --notfound and/or --localauth options */ | |
| 37 | 37 | }; |
| 38 | 38 | |
| 39 | 39 | /* |
| 40 | 40 | ** Prefix for a temporary file. |
| 41 | 41 | */ |
| @@ -109,11 +109,11 @@ | ||
| 109 | 109 | } |
| 110 | 110 | fclose(out); |
| 111 | 111 | out = 0; |
| 112 | 112 | sqlite3_snprintf(sizeof(zCmd), zCmd, "\"%s\" http \"%s\" %s %s %s%s", |
| 113 | 113 | fossil_nameofexe(), g.zRepositoryName, zRequestFName, zReplyFName, |
| 114 | - inet_ntoa(p->addr.sin_addr), p->zNotFound | |
| 114 | + inet_ntoa(p->addr.sin_addr), p->zOptions | |
| 115 | 115 | ); |
| 116 | 116 | fossil_system(zCmd); |
| 117 | 117 | in = fopen(zReplyFName, "rb"); |
| 118 | 118 | if( in ){ |
| 119 | 119 | while( (got = fread(zHdr, 1, sizeof(zHdr), in))>0 ){ |
| @@ -144,17 +144,19 @@ | ||
| 144 | 144 | WSADATA wd; |
| 145 | 145 | SOCKET s = INVALID_SOCKET; |
| 146 | 146 | SOCKADDR_IN addr; |
| 147 | 147 | int idCnt = 0; |
| 148 | 148 | int iPort = mnPort; |
| 149 | - char *zNotFoundOption; | |
| 149 | + Blob options; | |
| 150 | 150 | |
| 151 | 151 | if( zStopper ) unlink(zStopper); |
| 152 | + blob_zero(&options); | |
| 152 | 153 | if( zNotFound ){ |
| 153 | - zNotFoundOption = mprintf(" --notfound %s", zNotFound); | |
| 154 | - }else{ | |
| 155 | - zNotFoundOption = ""; | |
| 154 | + blob_appendf(&options, " --notfound %s", zNotFound); | |
| 155 | + } | |
| 156 | + if( g.useLocalauth ){ | |
| 157 | + blob_appendf(&options, " --localauth"); | |
| 156 | 158 | } |
| 157 | 159 | if( WSAStartup(MAKEWORD(1,1), &wd) ){ |
| 158 | 160 | fossil_fatal("unable to initialize winsock"); |
| 159 | 161 | } |
| 160 | 162 | while( iPort<=mxPort ){ |
| @@ -213,13 +215,13 @@ | ||
| 213 | 215 | } |
| 214 | 216 | p = fossil_malloc( sizeof(*p) ); |
| 215 | 217 | p->id = ++idCnt; |
| 216 | 218 | p->s = client; |
| 217 | 219 | p->addr = client_addr; |
| 218 | - p->zNotFound = zNotFoundOption; | |
| 220 | + p->zOptions = blob_str(&options); | |
| 219 | 221 | _beginthread(win32_process_one_http_request, 0, (void*)p); |
| 220 | 222 | } |
| 221 | 223 | closesocket(s); |
| 222 | 224 | WSACleanup(); |
| 223 | 225 | } |
| 224 | 226 | |
| 225 | 227 | #endif /* _WIN32 -- This code is for win32 only */ |
| 226 | 228 |
| --- src/winhttp.c | |
| +++ src/winhttp.c | |
| @@ -28,14 +28,14 @@ | |
| 28 | ** The HttpRequest structure holds information about each incoming |
| 29 | ** HTTP request. |
| 30 | */ |
| 31 | typedef struct HttpRequest HttpRequest; |
| 32 | struct HttpRequest { |
| 33 | int id; /* ID counter */ |
| 34 | SOCKET s; /* Socket on which to receive data */ |
| 35 | SOCKADDR_IN addr; /* Address from which data is coming */ |
| 36 | const char *zNotFound; /* --notfound option, or an empty string */ |
| 37 | }; |
| 38 | |
| 39 | /* |
| 40 | ** Prefix for a temporary file. |
| 41 | */ |
| @@ -109,11 +109,11 @@ | |
| 109 | } |
| 110 | fclose(out); |
| 111 | out = 0; |
| 112 | sqlite3_snprintf(sizeof(zCmd), zCmd, "\"%s\" http \"%s\" %s %s %s%s", |
| 113 | fossil_nameofexe(), g.zRepositoryName, zRequestFName, zReplyFName, |
| 114 | inet_ntoa(p->addr.sin_addr), p->zNotFound |
| 115 | ); |
| 116 | fossil_system(zCmd); |
| 117 | in = fopen(zReplyFName, "rb"); |
| 118 | if( in ){ |
| 119 | while( (got = fread(zHdr, 1, sizeof(zHdr), in))>0 ){ |
| @@ -144,17 +144,19 @@ | |
| 144 | WSADATA wd; |
| 145 | SOCKET s = INVALID_SOCKET; |
| 146 | SOCKADDR_IN addr; |
| 147 | int idCnt = 0; |
| 148 | int iPort = mnPort; |
| 149 | char *zNotFoundOption; |
| 150 | |
| 151 | if( zStopper ) unlink(zStopper); |
| 152 | if( zNotFound ){ |
| 153 | zNotFoundOption = mprintf(" --notfound %s", zNotFound); |
| 154 | }else{ |
| 155 | zNotFoundOption = ""; |
| 156 | } |
| 157 | if( WSAStartup(MAKEWORD(1,1), &wd) ){ |
| 158 | fossil_fatal("unable to initialize winsock"); |
| 159 | } |
| 160 | while( iPort<=mxPort ){ |
| @@ -213,13 +215,13 @@ | |
| 213 | } |
| 214 | p = fossil_malloc( sizeof(*p) ); |
| 215 | p->id = ++idCnt; |
| 216 | p->s = client; |
| 217 | p->addr = client_addr; |
| 218 | p->zNotFound = zNotFoundOption; |
| 219 | _beginthread(win32_process_one_http_request, 0, (void*)p); |
| 220 | } |
| 221 | closesocket(s); |
| 222 | WSACleanup(); |
| 223 | } |
| 224 | |
| 225 | #endif /* _WIN32 -- This code is for win32 only */ |
| 226 |
| --- src/winhttp.c | |
| +++ src/winhttp.c | |
| @@ -28,14 +28,14 @@ | |
| 28 | ** The HttpRequest structure holds information about each incoming |
| 29 | ** HTTP request. |
| 30 | */ |
| 31 | typedef struct HttpRequest HttpRequest; |
| 32 | struct HttpRequest { |
| 33 | int id; /* ID counter */ |
| 34 | SOCKET s; /* Socket on which to receive data */ |
| 35 | SOCKADDR_IN addr; /* Address from which data is coming */ |
| 36 | const char *zOptions; /* --notfound and/or --localauth options */ |
| 37 | }; |
| 38 | |
| 39 | /* |
| 40 | ** Prefix for a temporary file. |
| 41 | */ |
| @@ -109,11 +109,11 @@ | |
| 109 | } |
| 110 | fclose(out); |
| 111 | out = 0; |
| 112 | sqlite3_snprintf(sizeof(zCmd), zCmd, "\"%s\" http \"%s\" %s %s %s%s", |
| 113 | fossil_nameofexe(), g.zRepositoryName, zRequestFName, zReplyFName, |
| 114 | inet_ntoa(p->addr.sin_addr), p->zOptions |
| 115 | ); |
| 116 | fossil_system(zCmd); |
| 117 | in = fopen(zReplyFName, "rb"); |
| 118 | if( in ){ |
| 119 | while( (got = fread(zHdr, 1, sizeof(zHdr), in))>0 ){ |
| @@ -144,17 +144,19 @@ | |
| 144 | WSADATA wd; |
| 145 | SOCKET s = INVALID_SOCKET; |
| 146 | SOCKADDR_IN addr; |
| 147 | int idCnt = 0; |
| 148 | int iPort = mnPort; |
| 149 | Blob options; |
| 150 | |
| 151 | if( zStopper ) unlink(zStopper); |
| 152 | blob_zero(&options); |
| 153 | if( zNotFound ){ |
| 154 | blob_appendf(&options, " --notfound %s", zNotFound); |
| 155 | } |
| 156 | if( g.useLocalauth ){ |
| 157 | blob_appendf(&options, " --localauth"); |
| 158 | } |
| 159 | if( WSAStartup(MAKEWORD(1,1), &wd) ){ |
| 160 | fossil_fatal("unable to initialize winsock"); |
| 161 | } |
| 162 | while( iPort<=mxPort ){ |
| @@ -213,13 +215,13 @@ | |
| 215 | } |
| 216 | p = fossil_malloc( sizeof(*p) ); |
| 217 | p->id = ++idCnt; |
| 218 | p->s = client; |
| 219 | p->addr = client_addr; |
| 220 | p->zOptions = blob_str(&options); |
| 221 | _beginthread(win32_process_one_http_request, 0, (void*)p); |
| 222 | } |
| 223 | closesocket(s); |
| 224 | WSACleanup(); |
| 225 | } |
| 226 | |
| 227 | #endif /* _WIN32 -- This code is for win32 only */ |
| 228 |