Overview
| Comment: | Update the change log and sync.wiki for the login card additions. |
|---|---|
| SHA3-256: | edfa01d9d20400c1ef4fa63f225e9c07 |
| User & Date: | stephan 2025-07-24 02:41:35.171 |
Context
| 2025-07-24 | |
|---|---|
| 03:03 | Doc touchups. check-in: aa36afc52c user: stephan tags: xfer-login-card |
| 02:41 | Update the change log and sync.wiki for the login card additions. check-in: edfa01d9d2 user: stephan tags: xfer-login-card |
| 02:20 | Doc improvements and internal API renaming for clarity. No functional changes. check-in: 286110dec0 user: stephan tags: xfer-login-card |
Changes
Changes to src/xfer.c.
| ︙ | ︙ | |||
1315 1316 1317 1318 1319 1320 1321 |
}
zScript = xfer_push_code();
if( zScript ){ /* NOTE: Are TH1 transfer hooks enabled? */
pzUuidList = &zUuidList;
pnUuidList = &nUuidList;
}
if( g.syncInfo.zLoginCard ){
| | | | | 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 |
}
zScript = xfer_push_code();
if( zScript ){ /* NOTE: Are TH1 transfer hooks enabled? */
pzUuidList = &zUuidList;
pnUuidList = &nUuidList;
}
if( g.syncInfo.zLoginCard ){
/* Login card received via HTTP header "X-Fossil-Xfer-Login" or
** "x-f-x-l" URL parameter. */
assert( g.syncInfo.bLoginCardHeader && "Set via HTTP header/URL arg" );
blob_zero(&xfer.line);
blob_append(&xfer.line, g.syncInfo.zLoginCard, -1);
xfer.nToken = blob_tokenize(&xfer.line, xfer.aToken,
count(xfer.aToken));
fossil_free( g.syncInfo.zLoginCard );
g.syncInfo.zLoginCard = 0;
if( xfer.nToken==4
|
| ︙ | ︙ |
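Review bot: The new assert in the `if( g.syncInfo.zLoginCard )` branch tests `g.syncInfo.bLoginCardHeader`, while the comment directly above it says the card can arrive via the "X-Fossil-Xfer-Login" header or the "x-f-x-l" URL parameter, so the flag name reads as header-only. Either say in the comment that the flag is set for both transports or give it a transport-neutral name. Because this branch tokenizes a login card taken from the request, also consider whether the invariant should be a runtime check rather than an assert(), which disappears in any build that compiles assertions out.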
Changes to www/changes.wiki.
| ︙ | ︙ | |||
11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
so that it works with other query parameters like p=, d=, from=, and to=.
<li> Always include nodes identify by sel1= and sel2= in the /timeline display.
<li> Enable the --editor option on the [/help?cmd=amend|fossil amend] command.
<li> Require at least an anonymous login to access the /blame page and similar,
to help prevent robots from soaking up excess CPU time on such pages.
<li> When walking the filesystem looking for Fossil repositories, avoid descending
into directories named "/proc".
</ol>
<h2 id='v2_26'>Changes for version 2.26 (2025-04-30)</h2><ol>
<li>Enhancements to [/help?cmd=diff|fossil diff] and similar:
<ol type="a">
<li> The argument to the --from option can be a directory name, causing
Fossil to use files under that directory as the baseline for the diff.
| > > | 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
so that it works with other query parameters like p=, d=, from=, and to=.
<li> Always include nodes identify by sel1= and sel2= in the /timeline display.
<li> Enable the --editor option on the [/help?cmd=amend|fossil amend] command.
<li> Require at least an anonymous login to access the /blame page and similar,
to help prevent robots from soaking up excess CPU time on such pages.
<li> When walking the filesystem looking for Fossil repositories, avoid descending
into directories named "/proc".
<ll> Reduce memory requirements for sending authenticated sync protocol
messages.
</ol>
<h2 id='v2_26'>Changes for version 2.26 (2025-04-30)</h2><ol>
<li>Enhancements to [/help?cmd=diff|fossil diff] and similar:
<ol type="a">
<li> The argument to the --from option can be a directory name, causing
Fossil to use files under that directory as the baseline for the diff.
|
| ︙ | ︙ |
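Review bot: The added change-log entry opens with `<ll>` instead of `<li>`, so it is not a valid list item and will not render like the entries above it; change the tag to `<li>`. The entry also mentions only the memory reduction. Since this check-in's comment describes it as covering the login card additions, a pointer to the "Login Cards" section of sync.wiki would help readers find the protocol change.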
Changes to www/sync.wiki.
| ︙ | ︙ | |||
218 219 220 221 222 223 224 | <h3 id="login">3.2 Login Cards</h3> Every message from client to server begins with one or more login cards. Each login card has the following format: <pre><b>login</b> <i>userid nonce signature</i></pre> | | > | | | | > > > > > > > > > > > > > > > | 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 |
<h3 id="login">3.2 Login Cards</h3>
Every message from client to server begins with one or more login
cards. Each login card has the following format:
<pre><b>login</b> <i>userid nonce signature</i></pre>
The userid is the name of the user that is requesting service from the
server, encoded in "fossilized" form (exactly as described for <a
href="#error">the error card</a>). The nonce is the SHA1 hash of the
remainder of the message - all text that follows the newline character
that terminates the login card. The signature is the SHA1 hash of the
concatenation of the nonce and the users password.
When receving a login card, the server looks up the user and verifies
that the nonce matches the SHA1 hash of the remainder of the message.
It then checks the signature hash to make sure the signature matches.
If everything checks out, then the client is granted all privileges of
the specified user.
Only one login card is permitted. A second login card will trigger
a sync error. (Prior to 2025-07-21, the protocol permitted multiple
logins, treating the login as the union of all privileges from all
login cards. That capability was never used and has been removed.)
As of version 2.27, Fossil supports transfering of the login card
outside of the payload body, in one of the following ways:
<ul>
<li> URL parameter named "x-f-x-l". The value must be URL-encoded.
<li> An HTTP header named "X-Fossil-Xfer-Login". The caveat for the
header is that CGI-hosted fossils cannot see the headers. It
works for standalone severs and those running via fossil's
"test-http" mechanism. This approach is retained, despite the CGI
disadvantage, because the URL parameter approach cannot be used
to capture sync payload bodies for re-use with the "test-http"
mechanism, a capability useful in testing.
</ul>
<h3 id="file">3.3 File Cards</h3>
Artifacts are transferred using either "file" cards, or "cfile"
or "uvfile" cards.
The name "file" card comes from the fact that most artifacts correspond to
files that are under version control.
|
| ︙ | ︙ |
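Review bot: The new paragraph on transferring the login card outside the payload body does not say what the nonce covers in that case; the text above it still defines the nonce as the SHA1 of "all text that follows the newline character that terminates the login card", which presumes the card is the first line of the body. State explicitly what is hashed when the card arrives via "X-Fossil-Xfer-Login" or "x-f-x-l". The URL parameter bullet should also mention that request URLs are commonly written to web server and proxy logs, which puts the userid, nonce and signature there. Spelling in this section: "receving", "transfering", "severs", and "users password" (should be "user's password").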