Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Make HTTP authorization a command line option. Choice will be stored in database until another URL change happens. This could potentially break those who currently rely on the special # character in the password. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | http-auth |
| Files: | files | file ages | folders |
| SHA1: |
e747041a721b7ca1a7c15d01121c6045 |
| User & Date: | andybradford 2014-01-29 06:45:30.327 |
Context
|
2014-01-30
| ||
| 03:37 | Honor the command line option also for remote-url. ... (check-in: 72014480dc user: andybradford tags: http-auth) | |
|
2014-01-29
| ||
| 06:45 | Make HTTP authorization a command line option. Choice will be stored in database until another URL change happens. This could potentially break those who currently rely on the special # character in the password. ... (check-in: e747041a72 user: andybradford tags: http-auth) | |
|
2014-01-28
| ||
| 14:06 | Require "Read" permission (capability "u") in order to access the /reports page. Fix for ticket [a757c4fca19d] ... (check-in: f48c84afd1 user: drh tags: trunk) | |
Changes
Changes to src/clone.c.
| ︙ | ︙ | |||
107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 |
**
** Options:
** --admin-user|-A USERNAME Make USERNAME the administrator
** --once Don't save url.
** --private Also clone private branches
** --ssl-identity=filename Use the SSL identity if requested by the server
** --ssh-command|-c 'command' Use this SSH command
**
** See also: init
*/
void clone_cmd(void){
char *zPassword;
const char *zDefaultUser; /* Optional name of the default user */
int nErr = 0;
int bPrivate = 0; /* Also clone private branches */
int urlFlags = URL_PROMPT_PW | URL_REMEMBER;
if( find_option("private",0,0)!=0 ) bPrivate = SYNC_PRIVATE;
if( find_option("once",0,0)!=0) urlFlags &= ~URL_REMEMBER;
zDefaultUser = find_option("admin-user","A",1);
clone_ssh_find_options();
url_proxy_options();
if( g.argc < 4 ){
usage("?OPTIONS? FILE-OR-URL NEW-REPOSITORY");
}
db_open_config(0);
| > > | 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 |
**
** Options:
** --admin-user|-A USERNAME Make USERNAME the administrator
** --once Don't save url.
** --private Also clone private branches
** --ssl-identity=filename Use the SSL identity if requested by the server
** --ssh-command|-c 'command' Use this SSH command
** --httpauth Add HTTP Basic Authorization to requests
**
** See also: init
*/
void clone_cmd(void){
char *zPassword;
const char *zDefaultUser; /* Optional name of the default user */
int nErr = 0;
int bPrivate = 0; /* Also clone private branches */
int urlFlags = URL_PROMPT_PW | URL_REMEMBER;
if( find_option("private",0,0)!=0 ) bPrivate = SYNC_PRIVATE;
if( find_option("once",0,0)!=0) urlFlags &= ~URL_REMEMBER;
g.fUseHttpAuth = find_option("httpauth",0,0)!=0;
zDefaultUser = find_option("admin-user","A",1);
clone_ssh_find_options();
url_proxy_options();
if( g.argc < 4 ){
usage("?OPTIONS? FILE-OR-URL NEW-REPOSITORY");
}
db_open_config(0);
|
| ︙ | ︙ |
Changes to src/http.c.
| ︙ | ︙ | |||
60 61 62 63 64 65 66 |
zPw = 0;
}else{
/* Password failure while doing a sync from the command-line interface */
url_prompt_for_password();
zPw = g.urlPasswd;
}
| < < < < < < | 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
zPw = 0;
}else{
/* Password failure while doing a sync from the command-line interface */
url_prompt_for_password();
zPw = g.urlPasswd;
}
/* The login card wants the SHA1 hash of the password, so convert the
** password to its SHA1 hash it it isn't already a SHA1 hash.
*/
/* fossil_print("\nzPw=[%s]\n", zPw); // TESTING ONLY */
if( zPw && zPw[0] ) zPw = sha1_shared_secret(zPw, zLogin, 0);
blob_append(&pw, zPw, -1);
|
| ︙ | ︙ | |||
88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 |
** Construct an appropriate HTTP request header. Write the header
** into pHdr. This routine initializes the pHdr blob. pPayload is
** the complete payload (including the login card) already compressed.
*/
static void http_build_header(Blob *pPayload, Blob *pHdr){
int i;
const char *zSep;
blob_zero(pHdr);
i = strlen(g.urlPath);
if( i>0 && g.urlPath[i-1]=='/' ){
zSep = "";
}else{
zSep = "/";
}
blob_appendf(pHdr, "POST %s%sxfer/xfer HTTP/1.0\r\n", g.urlPath, zSep);
if( g.urlProxyAuth ){
blob_appendf(pHdr, "Proxy-Authorization: %s\r\n", g.urlProxyAuth);
}
| > | | | 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 |
** Construct an appropriate HTTP request header. Write the header
** into pHdr. This routine initializes the pHdr blob. pPayload is
** the complete payload (including the login card) already compressed.
*/
static void http_build_header(Blob *pPayload, Blob *pHdr){
int i;
const char *zSep;
const int fUseHttpAuth = db_get_boolean("use-http-auth", 0);
blob_zero(pHdr);
i = strlen(g.urlPath);
if( i>0 && g.urlPath[i-1]=='/' ){
zSep = "";
}else{
zSep = "/";
}
blob_appendf(pHdr, "POST %s%sxfer/xfer HTTP/1.0\r\n", g.urlPath, zSep);
if( g.urlProxyAuth ){
blob_appendf(pHdr, "Proxy-Authorization: %s\r\n", g.urlProxyAuth);
}
if( g.urlPasswd && g.urlUser && fUseHttpAuth ){
char *zCredentials = mprintf("%s:%s", g.urlUser, g.urlPasswd);
char *zEncoded = encode64(zCredentials, -1);
blob_appendf(pHdr, "Authorization: Basic %s\r\n", zEncoded);
fossil_free(zEncoded);
fossil_free(zCredentials);
}
blob_appendf(pHdr, "Host: %s\r\n", g.urlHostname);
blob_appendf(pHdr, "User-Agent: %s\r\n", get_user_agent());
|
| ︙ | ︙ |
Changes to src/main.c.
| ︙ | ︙ | |||
137 138 139 140 141 142 143 144 145 146 147 148 149 150 | char *zLocalRoot; /* The directory holding the local database */ int minPrefix; /* Number of digits needed for a distinct UUID */ int fSqlTrace; /* True if --sqltrace flag is present */ int fSqlStats; /* True if --sqltrace or --sqlstats are present */ int fSqlPrint; /* True if -sqlprint flag is present */ int fQuiet; /* True if -quiet flag is present */ int fHttpTrace; /* Trace outbound HTTP requests */ int fSystemTrace; /* Trace calls to fossil_system(), --systemtrace */ int fSshTrace; /* Trace the SSH setup traffic */ int fSshClient; /* HTTP client flags for SSH client */ char *zSshCmd; /* SSH command string */ int fNoSync; /* Do not do an autosync ever. --nosync */ char *zPath; /* Name of webpage being served */ char *zExtra; /* Extra path information past the webpage name */ | > | 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 | char *zLocalRoot; /* The directory holding the local database */ int minPrefix; /* Number of digits needed for a distinct UUID */ int fSqlTrace; /* True if --sqltrace flag is present */ int fSqlStats; /* True if --sqltrace or --sqlstats are present */ int fSqlPrint; /* True if -sqlprint flag is present */ int fQuiet; /* True if -quiet flag is present */ int fHttpTrace; /* Trace outbound HTTP requests */ int fUseHttpAuth; /* Use HTTP Basic Authentication in requests */ int fSystemTrace; /* Trace calls to fossil_system(), --systemtrace */ int fSshTrace; /* Trace the SSH setup traffic */ int fSshClient; /* HTTP client flags for SSH client */ char *zSshCmd; /* SSH command string */ int fNoSync; /* Do not do an autosync ever. --nosync */ char *zPath; /* Name of webpage being served */ char *zExtra; /* Extra path information past the webpage name */ |
| ︙ | ︙ |
Changes to src/sync.c.
| ︙ | ︙ | |||
92 93 94 95 96 97 98 99 100 101 102 103 104 105 |
urlOptional = 1;
urlFlags = 0;
}
if( find_option("once",0,0)!=0 ) urlFlags &= ~URL_REMEMBER;
if( find_option("private",0,0)!=0 ){
*pSyncFlags |= SYNC_PRIVATE;
}
if( find_option("verbose","v",0)!=0 ){
*pSyncFlags |= SYNC_VERBOSE;
}
/* The --verily option to sync, push, and pull forces extra igot cards
** to be exchanged. This can overcome malfunctions in the sync protocol.
*/
if( find_option("verily",0,0)!=0 ){
| > | 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 |
urlOptional = 1;
urlFlags = 0;
}
if( find_option("once",0,0)!=0 ) urlFlags &= ~URL_REMEMBER;
if( find_option("private",0,0)!=0 ){
*pSyncFlags |= SYNC_PRIVATE;
}
g.fUseHttpAuth = find_option("httpauth",0,0)!=0;
if( find_option("verbose","v",0)!=0 ){
*pSyncFlags |= SYNC_VERBOSE;
}
/* The --verily option to sync, push, and pull forces extra igot cards
** to be exchanged. This can overcome malfunctions in the sync protocol.
*/
if( find_option("verily",0,0)!=0 ){
|
| ︙ | ︙ |
Changes to src/url.c.
| ︙ | ︙ | |||
102 103 104 105 106 107 108 109 110 111 112 113 114 115 |
UrlData *pUrlData
){
int i, j, c;
char *zFile = 0;
if( zUrl==0 ){
zUrl = db_get("last-sync-url", 0);
if( zUrl==0 ) return;
if( pUrlData->passwd==0 ){
pUrlData->passwd = unobscure(db_get("last-sync-pw", 0));
}
}
if( strncmp(zUrl, "http://", 7)==0
| > | 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 |
UrlData *pUrlData
){
int i, j, c;
char *zFile = 0;
if( zUrl==0 ){
zUrl = db_get("last-sync-url", 0);
g.fUseHttpAuth = db_get_boolean("use-http-auth", 0);
if( zUrl==0 ) return;
if( pUrlData->passwd==0 ){
pUrlData->passwd = unobscure(db_get("last-sync-pw", 0));
}
}
if( strncmp(zUrl, "http://", 7)==0
|
| ︙ | ︙ | |||
532 533 534 535 536 537 538 539 540 541 542 543 544 545 |
*/
void url_remember(void){
if( g.urlFlags & URL_REMEMBER ){
db_set("last-sync-url", g.urlCanonical, 0);
if( g.urlUser!=0 && g.urlPasswd!=0 && ( g.urlFlags & URL_REMEMBER_PW ) ){
db_set("last-sync-pw", obscure(g.urlPasswd), 0);
}
}
}
/* Preemptively prompt for a password if a username is given in the
** URL but no password.
*/
void url_get_password_if_needed(void){
| > > > > > | 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 |
*/
void url_remember(void){
if( g.urlFlags & URL_REMEMBER ){
db_set("last-sync-url", g.urlCanonical, 0);
if( g.urlUser!=0 && g.urlPasswd!=0 && ( g.urlFlags & URL_REMEMBER_PW ) ){
db_set("last-sync-pw", obscure(g.urlPasswd), 0);
}
if( g.fUseHttpAuth ){
db_set_int("use-http-auth", 1, 0);
}else{
db_unset("use-http-auth", 0);
}
}
}
/* Preemptively prompt for a password if a username is given in the
** URL but no password.
*/
void url_get_password_if_needed(void){
|
| ︙ | ︙ |