Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Enable Basic Authorization during sync operations by prepending a single "#" to the password. |
|---|---|
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
c1506adbf7a46f7ac4acbaaa69fa2a56 |
| User & Date: | drh 2011-05-03 13:37:11.559 |
Context
|
2011-05-04
| ||
| 13:56 | When listing closed branches, only show a branch if every leaf of that branch is closed. check-in: 74c86dd1da user: drh tags: trunk | |
| 11:16 | Merge the latest changes from trunk. check-in: 503a0ef555 user: drh tags: windows-i18n | |
|
2011-05-03
| ||
| 13:37 | Enable Basic Authorization during sync operations by prepending a single "#" to the password. check-in: c1506adbf7 user: drh tags: trunk | |
|
2011-05-02
| ||
| 14:37 | Corrections to the multi-repository server documentation. Ticket [72c7d223d5258]. check-in: b951baa5c9 user: drh tags: trunk | |
Changes
Changes to src/http.c.
| ︙ | ︙ | |||
60 61 62 63 64 65 66 67 68 69 |
zPw = 0;
}else{
/* Password failure while doing a sync from the command-line interface */
url_prompt_for_password();
zPw = g.urlPasswd;
if( !g.dontKeepUrl ) db_set("last-sync-pw", obscure(zPw), 0);
}
/* The login card wants the SHA1 hash of the password, so convert the
** password to its SHA1 hash it it isn't already a SHA1 hash.
| > > > > > > < < < < < < < < < | < < | 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 |
zPw = 0;
}else{
/* Password failure while doing a sync from the command-line interface */
url_prompt_for_password();
zPw = g.urlPasswd;
if( !g.dontKeepUrl ) db_set("last-sync-pw", obscure(zPw), 0);
}
/* If the first character of the password is "#", then that character is
** not really part of the password - it is an indicator that we should
** use Basic Authentication. So skip that character.
*/
if( zPw && zPw[0]=='#' ) zPw++;
/* The login card wants the SHA1 hash of the password, so convert the
** password to its SHA1 hash it it isn't already a SHA1 hash.
*/
if( zPw && zPw[0] ) zPw = sha1_shared_secret(zPw, zLogin, 0);
blob_append(&pw, zPw, -1);
sha1sum_blob(&pw, &sig);
blob_appendf(pLogin, "login %F %b %b\n", zLogin, &nonce, &sig);
blob_reset(&pw);
blob_reset(&sig);
blob_reset(&nonce);
|
| ︙ | ︙ | |||
104 105 106 107 108 109 110 111 112 113 114 115 116 117 |
zSep = "";
}else{
zSep = "/";
}
blob_appendf(pHdr, "POST %s%sxfer/xfer HTTP/1.0\r\n", g.urlPath, zSep);
if( g.urlProxyAuth ){
blob_appendf(pHdr, "Proxy-Authorization: %s\n", g.urlProxyAuth);
}
blob_appendf(pHdr, "Host: %s\r\n", g.urlHostname);
blob_appendf(pHdr, "User-Agent: Fossil/" MANIFEST_VERSION "\r\n");
if( g.fHttpTrace ){
blob_appendf(pHdr, "Content-Type: application/x-fossil-debug\r\n");
}else{
blob_appendf(pHdr, "Content-Type: application/x-fossil\r\n");
| > > > > > > > | 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 |
zSep = "";
}else{
zSep = "/";
}
blob_appendf(pHdr, "POST %s%sxfer/xfer HTTP/1.0\r\n", g.urlPath, zSep);
if( g.urlProxyAuth ){
blob_appendf(pHdr, "Proxy-Authorization: %s\n", g.urlProxyAuth);
}
if( g.urlPasswd && g.urlUser && g.urlPasswd[0]=='#' ){
char *zCredentials = mprintf("%s:%s", g.urlUser, &g.urlPasswd[1]);
char *zEncoded = encode64(zCredentials, -1);
blob_appendf(pHdr, "Authorization: Basic %s\r\n", zEncoded);
fossil_free(zEncoded);
fossil_free(zCredentials);
}
blob_appendf(pHdr, "Host: %s\r\n", g.urlHostname);
blob_appendf(pHdr, "User-Agent: Fossil/" MANIFEST_VERSION "\r\n");
if( g.fHttpTrace ){
blob_appendf(pHdr, "Content-Type: application/x-fossil-debug\r\n");
}else{
blob_appendf(pHdr, "Content-Type: application/x-fossil\r\n");
|
| ︙ | ︙ |
Changes to src/xfer.c.
| ︙ | ︙ | |||
550 551 552 553 554 555 556 557 558 559 560 561 562 563 |
int rc = -1;
char *zLogin = blob_terminate(pLogin);
defossilize(zLogin);
if( strcmp(zLogin, "nobody")==0 || strcmp(zLogin,"anonymous")==0 ){
return 0; /* Anybody is allowed to sync as "nobody" or "anonymous" */
}
db_prepare(&q,
"SELECT pw, cap, uid FROM user"
" WHERE login=%Q"
" AND login NOT IN ('anonymous','nobody','developer','reader')"
" AND length(pw)>0",
zLogin
);
| > > > | 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 |
int rc = -1;
char *zLogin = blob_terminate(pLogin);
defossilize(zLogin);
if( strcmp(zLogin, "nobody")==0 || strcmp(zLogin,"anonymous")==0 ){
return 0; /* Anybody is allowed to sync as "nobody" or "anonymous" */
}
if( fossil_strcmp(P("REMOTE_USER"), zLogin)==0 ){
return 0; /* Accept Basic Authorization */
}
db_prepare(&q,
"SELECT pw, cap, uid FROM user"
" WHERE login=%Q"
" AND login NOT IN ('anonymous','nobody','developer','reader')"
" AND length(pw)>0",
zLogin
);
|
| ︙ | ︙ | |||
807 808 809 810 811 812 813 814 815 816 817 818 819 820 |
char *zNow;
if( strcmp(PD("REQUEST_METHOD","POST"),"POST") ){
fossil_redirect_home();
}
g.zLogin = "anonymous";
login_set_anon_nobody_capabilities();
memset(&xfer, 0, sizeof(xfer));
blobarray_zero(xfer.aToken, count(xfer.aToken));
cgi_set_content_type(g.zContentType);
if( db_schema_is_outofdate() ){
@ error database\sschema\sis\sout-of-date\son\sthe\sserver.
return;
}
| > | 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 |
char *zNow;
if( strcmp(PD("REQUEST_METHOD","POST"),"POST") ){
fossil_redirect_home();
}
g.zLogin = "anonymous";
login_set_anon_nobody_capabilities();
login_check_credentials();
memset(&xfer, 0, sizeof(xfer));
blobarray_zero(xfer.aToken, count(xfer.aToken));
cgi_set_content_type(g.zContentType);
if( db_schema_is_outofdate() ){
@ error database\sschema\sis\sout-of-date\son\sthe\sserver.
return;
}
|
| ︙ | ︙ |