Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | merge from trunk |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | wolfgangHelpCmd |
| Files: | files | file ages | folders |
| SHA1: |
ff6760ba0940c3b13c51c34530e95b51 |
| User & Date: | wolfgang 2010-10-08 13:06:40.000 |
Context
|
2010-10-08
| ||
| 15:05 | fine tuning the layout of the command line help strings ... (check-in: c6d1879069 user: wolfgang tags: wolfgangHelpCmd) | |
| 13:06 | merge from trunk ... (check-in: ff6760ba09 user: wolfgang tags: wolfgangHelpCmd) | |
| 12:56 | corrected layout for wrong calls to help web page ... (check-in: d6e69d6a18 user: wolfgang tags: wolfgangHelpCmd) | |
| 10:59 | Obscure the text of the remote-url password so that it is not easily visible using the sqlite3 CLI. ... (check-in: cfbbad3d48 user: drh tags: trunk) | |
Changes
Changes to src/configure.c.
| ︙ | ︙ | |||
452 453 454 455 456 457 458 |
zPw = 0;
g.dontKeepUrl = 1;
}else{
zServer = db_get("last-sync-url", 0);
if( zServer==0 ){
fossil_fatal("no server specified");
}
| | | 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 |
zPw = 0;
g.dontKeepUrl = 1;
}else{
zServer = db_get("last-sync-url", 0);
if( zServer==0 ){
fossil_fatal("no server specified");
}
zPw = unobscure(db_get("last-sync-pw", 0));
}
url_parse(zServer);
if( g.urlPasswd==0 && zPw ) g.urlPasswd = mprintf("%s", zPw);
user_select();
url_enable_proxy("via proxy: ");
if( strncmp(zMethod, "push", n)==0 ){
client_sync(0,0,0,0,mask);
|
| ︙ | ︙ |
Changes to src/encode.c.
| ︙ | ︙ | |||
504 505 506 507 508 509 510 |
*/
void canonical16(char *z, int n){
while( *z && n-- ){
*z = zEncode[zDecode[(*z)&0x7f]&0x1f];
z++;
}
}
| > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 |
*/
void canonical16(char *z, int n){
while( *z && n-- ){
*z = zEncode[zDecode[(*z)&0x7f]&0x1f];
z++;
}
}
/* Randomness used for XOR-ing by the obscure() and unobscure() routines */
static const unsigned char aObscurer[16] = {
0xa7, 0x21, 0x31, 0xe3, 0x2a, 0x50, 0x2c, 0x86,
0x4c, 0xa4, 0x52, 0x25, 0xff, 0x49, 0x35, 0x85
};
/*
** Obscure plain text so that it is not easily readable.
**
** This is used for storing sensitive information (such as passwords) in a
** way that prevents their exposure through idle browsing. This is not
** encryption. Anybody who really wants the password can still get it.
**
** The text is XOR-ed with a repeating pattern then converted to hex.
** Space to hold the returned string is obtained from malloc and should
** be freed by the caller.
*/
char *obscure(const char *zIn){
int n, i;
unsigned char salt;
char *zOut;
n = strlen(zIn);
zOut = malloc( n*2+3 );
if( zOut==0 ) fossil_panic("out of memory");
sqlite3_randomness(1, &salt);
zOut[n+1] = (char)salt;
for(i=0; i<n; i++) zOut[i+n+2] = zIn[i]^aObscurer[i&0x0f]^salt;
encode16((unsigned char*)&zOut[n+1], (unsigned char*)zOut, n+1);
return zOut;
}
/*
** Undo the obscuring of text performed by obscure(). Or, if the input is
** not hexadecimal (meaning the input is not the output of obscure()) then
** do the equivalent of strdup().
**
** The result is memory obtained from malloc that should be freed by the caller.
*/
char *unobscure(const char *zIn){
int n, i;
unsigned char salt;
char *zOut;
n = strlen(zIn);
zOut = malloc( n + 1 );
if( zOut==0 ) fossil_panic("out of memory");
if( n<2
|| decode16((unsigned char*)zIn, &salt, 2)
|| decode16((unsigned char*)&zIn[2], (unsigned char*)zOut, n-2)
){
memcpy(zOut, zIn, n+1);
}else{
n = n/2 - 1;
for(i=0; i<n; i++) zOut[i] = zOut[i]^aObscurer[i&0x0f]^salt;
zOut[n] = 0;
}
return zOut;
}
/*
** Command to test obscure() and unobscure(). These commands are also useful
** utilities for decoding passwords found in the database.
**
** COMMAND: test-obscure
*/
void test_obscure_cmd(void){
int i;
char *z, *z2;
for(i=2; i<g.argc; i++){
z = obscure(g.argv[i]);
z2 = unobscure(z);
printf("OBSCURE: %s -> %s (%s)\n", g.argv[i], z, z2);
free(z);
free(z2);
z = unobscure(g.argv[i]);
printf("UNOBSCURE: %s -> %s\n", g.argv[i], z);
free(z);
}
}
|
Changes to src/http.c.
| ︙ | ︙ | |||
58 59 60 61 62 63 64 |
/* Password failure while doing a sync from the web interface */
cgi_printf("*** incorrect or missing password for user %h\n", zLogin);
zPw = 0;
}else{
/* Password failure while doing a sync from the command-line interface */
url_prompt_for_password();
zPw = g.urlPasswd;
| | | 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 |
/* Password failure while doing a sync from the web interface */
cgi_printf("*** incorrect or missing password for user %h\n", zLogin);
zPw = 0;
}else{
/* Password failure while doing a sync from the command-line interface */
url_prompt_for_password();
zPw = g.urlPasswd;
if( !g.dontKeepUrl ) db_set("last-sync-pw", obscure(zPw), 0);
}
/* The login card wants the SHA1 hash of the password, so convert the
** password to its SHA1 hash it it isn't already a SHA1 hash.
**
** Except, if the password begins with "*" then use the characters
** after the "*" as a cleartext password. Put an "*" at the beginning
|
| ︙ | ︙ |
Changes to src/sync.c.
| ︙ | ︙ | |||
54 55 56 57 58 59 60 |
}else{
/* Autosync defaults on. To make it default off, "return" here. */
}
zUrl = db_get("last-sync-url", 0);
if( zUrl==0 ){
return; /* No default server */
}
| | | 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 |
}else{
/* Autosync defaults on. To make it default off, "return" here. */
}
zUrl = db_get("last-sync-url", 0);
if( zUrl==0 ){
return; /* No default server */
}
zPw = unobscure(db_get("last-sync-pw", 0));
url_parse(zUrl);
if( g.urlUser!=0 && g.urlPasswd==0 ){
g.urlPasswd = mprintf("%s", zPw);
}
if( (flags & AUTOSYNC_PULL)!=0 && db_get_boolean("auto-shun",1) ){
/* When doing an automatic pull, also automatically pull shuns from
** the server if pull_shuns is enabled.
|
| ︙ | ︙ | |||
91 92 93 94 95 96 97 |
int urlOptional = find_option("autourl",0,0)!=0;
g.dontKeepUrl = find_option("once",0,0)!=0;
url_proxy_options();
db_find_and_open_repository(1);
db_open_config(0);
if( g.argc==2 ){
zUrl = db_get("last-sync-url", 0);
| | | | 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 |
int urlOptional = find_option("autourl",0,0)!=0;
g.dontKeepUrl = find_option("once",0,0)!=0;
url_proxy_options();
db_find_and_open_repository(1);
db_open_config(0);
if( g.argc==2 ){
zUrl = db_get("last-sync-url", 0);
zPw = unobscure(db_get("last-sync-pw", 0));
if( db_get_boolean("auto-sync",1) ) configSync = CONFIGSET_SHUN;
}else if( g.argc==3 ){
zUrl = g.argv[2];
}
if( zUrl==0 ){
if( urlOptional ) fossil_exit(0);
usage("URL");
}
url_parse(zUrl);
if( !g.dontKeepUrl ){
db_set("last-sync-url", g.urlCanonical, 0);
if( g.urlPasswd ) db_set("last-sync-pw", obscure(g.urlPasswd), 0);
}
if( g.urlUser!=0 && g.urlPasswd==0 ){
if( zPw==0 ){
url_prompt_for_password();
}else{
g.urlPasswd = mprintf("%s", zPw);
}
|
| ︙ | ︙ | |||
233 234 235 236 237 238 239 |
}else{
url_parse(g.argv[2]);
if( g.urlUser && g.urlPasswd==0 ){
url_prompt_for_password();
}
db_set("last-sync-url", g.urlCanonical, 0);
if( g.urlPasswd ){
| | | 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 |
}else{
url_parse(g.argv[2]);
if( g.urlUser && g.urlPasswd==0 ){
url_prompt_for_password();
}
db_set("last-sync-url", g.urlCanonical, 0);
if( g.urlPasswd ){
db_set("last-sync-pw", obscure(g.urlPasswd), 0);
}else{
db_unset("last-sync-pw", 0);
}
}
}
zUrl = db_get("last-sync-url", 0);
if( zUrl==0 ){
|
| ︙ | ︙ |