Changes On Branch b49c9b3685e392a2
Not logged in
Home Timeline Branches Tags Tickets Wiki Login
Patch Side-by-Side Diff

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Changes In Branch xfer-login-card Through [b49c9b3685] Excluding Merge-Ins

This is equivalent to a diff from c6f0d7aecd to b49c9b3685

2025-07-23
15:58
Minor optimization: replace calls to mprintf("%s", X) with fossil_strdup(X). check-in: 4c3e1728e1 user: danield tags: trunk
2025-07-22
02:16
For testing purposes only, unconditionally use the X-Fossil-Xfer-Login HTTP header for sync requests, rather than add it to the payload (which seems to work okay). This is primarily so that apples-to-apples comparisons can be made in libfossil's testing, and will be reverted (or applied conditionally) once the libfossil side is working. check-in: ff942066d5 user: stephan tags: xfer-login-card
2025-07-21
23:45
Move the X-Fossil-Xfer-Login header check to the correct end of the connection. It is receiving these from libfossil tests but is failing to validate them, but that may well be a bug in that brand new downstream code. check-in: b49c9b3685 user: stephan tags: xfer-login-card
19:47
Update sync.wiki for [12cc5bbf227e3]. check-in: a4c5a2a961 user: stephan tags: xfer-login-card
18:38
Enable an /xfer login card to be delivered via the X-Fossil-Xfer-Login HTTP header, which is expected to be in the same format as the sync protocol's login card. The purpose of this is to simplify generation of the login card from non-fossil(1) clients, namely libfossil. This is untested until libfossil can generate such cards (it's just missing a ... check-in: cfddded40e user: stephan tags: xfer-login-card
17:16
Account for [638b7e094b899a] when building with --json, as reported in [forum:9acc3d0022407bfe | forum post 9acc3d0022]. check-in: c6f0d7aecd user: stephan tags: trunk
13:20
Remove FossilUserPerms::Query, as it's unused and its designated capabilities letter 'q' collides with ModTkt. It's been there since 2011-09-14 but went unnoticed until today when that struct was emacs-macro-reformatted into libfossil and triggered a duplicate case value for the letter 'q'. check-in: 638b7e094b user: stephan tags: trunk

Changes to src/cgi.c. 
2219
2220
2221
2222
2223
2224
2225



2226
2227
2228
2229
2230
2231
2232

2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235








+
+
+








    }else if( fossil_strcmp(zFieldName,"range:")==0 ){
      int x1 = 0;
      int x2 = 0;
      if( sscanf(zVal,"bytes=%d-%d",&x1,&x2)==2 && x1>=0 && x1<=x2 ){
        rangeStart = x1;
        rangeEnd = x2+1;
      }
    }else if( fossil_strcmp(zFieldName, "x-fossil-xfer-login:")==0 ){
      g.zLoginCard = fossil_strdup(zVal);
      /*fprintf(stderr, "X-Fossil-Xfer-Login: %s\n", g.zLoginCard);*/
    }
  }
  cgi_setenv("REQUEST_SCHEME",zScheme);
  cgi_init();
  cgi_trace(0);
}
Changes to src/http.c. 
66
67
68
69
70
71
72
73

74
75
76

77
78
79
80
81
82
83

66
67
68
69
70
71
72

73
74
75

76
77
78
79
80
81
82
83








-
+


-
+








  const char *zLogin;  /* The user login name */
  const char *zPw;     /* The user password */
  Blob pw;             /* The nonce with user password appended */
  Blob sig;            /* The signature field */

  blob_zero(pLogin);
  if( g.url.user==0 || fossil_strcmp(g.url.user, "anonymous")==0 ){
     return;  /* If no login card for users "nobody" and "anonymous" */
     return;  /* No login card for users "nobody" and "anonymous" */
  }
  if( g.url.isSsh ){
     return;  /* If no login card for SSH: */
     return;  /* No login card for SSH: */
  }
  blob_zero(&nonce);
  blob_zero(&pw);
  sha1sum_blob(pPayload, &nonce);
  blob_copy(&pw, &nonce);
  zLogin = g.url.user;
  if( g.url.passwd ){
Changes to src/main.c. 
228
229
230
231
232
233
234

235
236
237
238
239
240
241

228
229
230
231
232
233
234
235
236
237
238
239
240
241
242








+








                             ** SSL client identity */
  const char *zCgiFile;      /* Name of the CGI file */
  const char *zReqType;      /* Type of request: "HTTP", "CGI", "SCGI" */
#if USE_SEE
  const char *zPidKey;    /* Saved value of the --usepidkey option.  Only
                           * applicable when using SEE on Windows or Linux. */
#endif
  char *zLoginCard;       /* X-Fossil-Xfer-Login request header value */
  int useLocalauth;       /* No login required if from 127.0.0.1 */
  int noPswd;             /* Logged in without password (on 127.0.0.1) */
  int userUid;            /* Integer user id */
  int isHuman;            /* True if access by a human, not a spider or bot */
  int comFmtFlags;        /* Zero or more "COMMENT_PRINT_*" bit flags, should be
                          ** accessed through get_comment_format(). */
  const char *zSockName;  /* Name of the unix-domain socket file */
Changes to src/xfer.c. 
1271
1272
1273
1274
1275
1276
1277

1278
1279
1280
1281
1282
1283
1284

1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285








+








  const char *zScript = 0;
  char *zUuidList = 0;
  int nUuidList = 0;
  char **pzUuidList = 0;
  int *pnUuidList = 0;
  int uvCatalogSent = 0;
  int bSendLinks = 0;
  int nLogin = 0;

  if( fossil_strcmp(PD("REQUEST_METHOD","POST"),"POST") ){
     fossil_redirect_home();
  }
  g.zLogin = "anonymous";
  login_set_anon_nobody_capabilities();
  login_check_credentials();

1312
1313
1314
1315
1316
1317
1318














1319
1320
1321
1322
1323
1324
1325

1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340








+
+
+
+
+
+
+
+
+
+
+
+
+
+








    @ error common\sscript\sfailed:\s%F(g.zErrMsg)
    nErr++;
  }
  zScript = xfer_push_code();
  if( zScript ){ /* NOTE: Are TH1 transfer hooks enabled? */
    pzUuidList = &zUuidList;
    pnUuidList = &nUuidList;
  }
  if( g.zLoginCard ){
    /* Login card received via HTTP header X-Fossil-Xfer-Login */
    blob_init(&xfer.line, g.zLoginCard, -1);
    xfer.nToken = blob_tokenize(&xfer.line, xfer.aToken,
                                count(xfer.aToken));
    if( xfer.nToken==4
        && blob_eq(&xfer.aToken[0], "login") ){
      /*fprintf(stderr,"g.zLoginCard=%s nToken=%d\n", g.zLoginCard,
        xfer.nToken);*/
      goto handle_login_card;
    }
    fossil_free( g.zLoginCard );
    g.zLoginCard = 0;
  }
  while( blob_line(xfer.pIn, &xfer.line) ){
    if( blob_buffer(&xfer.line)[0]=='#' ) continue;
    if( blob_size(&xfer.line)==0 ) continue;
    xfer.nToken = blob_tokenize(&xfer.line, xfer.aToken, count(xfer.aToken));

    /*   file HASH SIZE \n CONTENT

1548
1549
1550
1551
1552
1553
1554


1555



1556
1557
1558
1559


1560
1561





1562
1563
1564
1565
1566
1567
1568

1563
1564
1565
1566
1567
1568
1569
1570
1571

1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594








+
+
-
+
+
+




+
+


+
+
+
+
+








      @ push %s(db_get("server-code", "x")) %s(db_get("project-code", "x"))
    }else

    /*    login  USER  NONCE  SIGNATURE
    **
    ** The client has sent login credentials to the server.
    ** Validate the login.  This has to happen before anything else.
    **
    ** For many years, Fossil would accept multiple login cards with
    ** The client can send multiple logins.  Permissions are cumulative.
    ** cumulative permissions.  But that feature was never used.  Hence
    ** it is now prohibited.  Any login card after the first generates
    ** a fatal error.
    */
    if( blob_eq(&xfer.aToken[0], "login")
     && xfer.nToken==4
    ){
    handle_login_card:
      nLogin++;
      if( disableLogin ){
        g.perm.Read = g.perm.Write = g.perm.Private = g.perm.Admin = 1;
      }else if( nLogin > 1 ){
        cgi_reset_content();
        @ error multiple\slogin\cards
        nErr++;
        break;
      }else{
        if( check_tail_hash(&xfer.aToken[2], xfer.pIn)
         || check_login(&xfer.aToken[1], &xfer.aToken[2], &xfer.aToken[3])
        ){
          cgi_reset_content();
          @ error login\sfailed
          nErr++;
Changes to www/sync.wiki. 
224
225
226
227
228
229
230
231
232
233



234
235
236


237

238
239
240



241
242
243
244
245
246
247

224
225
226
227
228
229
230



231
232
233



234
235
236
237



238
239
240
241
242
243
244
245
246
247








-
-
-
+
+
+
-
-
-
+
+

+
-
-
-
+
+
+









The userid is the name of the user that is requesting service
from the server.  The nonce is the SHA1 hash of the remainder of
the message - all text that follows the newline character that
terminates the login card.  The signature is the SHA1 hash of
the concatenation of the nonce and the users password.

For each login card, the server looks up the user and verifies
that the nonce matches the SHA1 hash of the remainder of the
message.  It then checks the signature hash to make sure the
When receving a login card, the server looks up the user and verifies
that the nonce matches the SHA1 hash of the remainder of the message.
It then checks the signature hash to make sure the signature matches.
signature matches.  If everything
checks out, then the client is granted all privileges of the
specified user.
If everything checks out, then the client is granted all privileges of
the specified user.

Only one login in card is permitted. A second login card will trigger
Privileges are cumulative.  There can be multiple successful
login cards.  The session privilege is the union of all
privileges from all login cards.
a sync error. (Prior to 2025-07-21, the protocol permitted multiple
logins, treating the login as the union of all privilges from all
login cards. That capability was never used and has been removed.)

<h3 id="file">3.3 File Cards</h3>

Artifacts are transferred using either "file" cards, or "cfile"
or "uvfile" cards.
The name "file" card comes from the fact that most artifacts correspond to
files that are under version control.
Fossil version [1205ec86cb] 2025-04-30 16:57:32