Fossil

Diff
Login

Diff

Annotate Patch Side-by-side Diff

Differences From Artifact [89b0e2e0f0]:

To Artifact [b663843e71]:

126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191



192
193
194
195
196
197
198
199
200
201

126
127
128
129
130
131
132























133
134
135
136
137
138
139
140
141
142
143
144
145
146
147




148
149
150
151
152
153
154
155
156
157
158
159
160
161
162


163
164
165



166
167
168
169
170
171
172








-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-















-
-
-
-















-
-
+
+
+
-
-
-








  sha1sum_blob(&pw, &sig);
  blob_appendf(pLogin, "login %F %b %b", zLogin, &nonce, &sig);
  blob_reset(&pw);
  blob_reset(&sig);
  blob_reset(&nonce);
}

/*
** If we're in "login card header" mode, append ?x-f-x-l=ABC to
** g.url.path, replacing any "?..." part of g.url.path.  ABC = the
** %T-encoded contents of pLogin.  This is workaround for feeding the
** login card to CGI-hosted fossil instances, as those do not read the
** HTTP headers so cannot see the X-Fossil-Xfer-Login (x-f-x-l)
** header.
*/
static void url_append_login_card(Blob * const pLogin){
  if( g.syncInfo.fLoginCardMode ||
      g.syncInfo.remoteVersion >= RELEASE_VERSION_NUMBER ){
    char * x;
    char * z = g.url.path;
    while( z && *z && '?'!=*z ) ++z;
    if( z && *z ) *z = 0;
    x = mprintf("%s?x-f-x-l=%T", g.url.path ? g.url.path : "/",
                blob_str(pLogin));
    fossil_free(g.url.path);
    g.url.path = x;
    g.syncInfo.fLoginCardMode |= 0x04;
  }
}

/*
** Construct an appropriate HTTP request header.  Write the header
** into pHdr.  This routine initializes the pHdr blob.  pPayload is
** the complete payload (including the login card if pLogin is NULL or
** empty) already compressed.
*/
static void http_build_header(
  Blob *pPayload,              /* the payload that will be sent */
  Blob *pHdr,                  /* construct the header here */
  Blob *pLogin,                /* Login card header value or NULL */
  const char *zAltMimetype     /* Alternative mimetype */
){
  int nPayload = pPayload ? blob_size(pPayload) : 0;

  blob_zero(pHdr);
  if( nPayload>0 && pLogin && blob_size(pLogin)>0 ){
    /* Add login card URL arg for POST requests */
    url_append_login_card(pLogin);
  }
  blob_appendf(pHdr, "%s %s HTTP/1.0\r\n",
               nPayload>0 ? "POST" : "GET",
               (g.url.path && g.url.path[0]) ? g.url.path : "/");
  if( g.url.proxyAuth ){
    blob_appendf(pHdr, "Proxy-Authorization: %s\r\n", g.url.proxyAuth);
  }
  if( g.zHttpAuth && g.zHttpAuth[0] ){
    const char *zCredentials = g.zHttpAuth;
    char *zEncoded = encode64(zCredentials, -1);
    blob_appendf(pHdr, "Authorization: Basic %s\r\n", zEncoded);
    fossil_free(zEncoded);
  }
  blob_appendf(pHdr, "Host: %s\r\n", g.url.hostname);
  blob_appendf(pHdr, "User-Agent: %s\r\n", get_user_agent());
  if( g.url.isSsh ) blob_appendf(pHdr, "X-Fossil-Transport: SSH\r\n");
  if( pLogin && blob_size(pLogin) ){
    blob_appendf(pHdr, "X-Fossil-Xfer-Login: %b\r\n", pLogin)
  if( nPayload>0 && pLogin && blob_size(pLogin) ){
    /* Add login card via a transient cookie. */
    blob_appendf(pHdr, "Cookie: x-f-x-l=%T\r\n", blob_str(pLogin));
      /* Noting that CGIs can't read headers, but test-http can. If we
      ** set this _only_ as a URL argument then we lose that info for
      ** purposes of feeding it back through test-http. */;
  }
  if( nPayload ){
    if( zAltMimetype ){
      blob_appendf(pHdr, "Content-Type: %s\r\n", zAltMimetype);
    }else if( g.fHttpTrace ){
      blob_appendf(pHdr, "Content-Type: application/x-fossil-debug\r\n");
    }else{