Overview
SHA1 Hash: | 0600b278c0f105dc1aafaf7ee2decb84d3801607 |
---|---|
Date: | 2008-10-26 21:30:23 |
User: | drh |
Comment: | Remove the unused inherit-anon configuration attribute. Fix the automatic redirect that follows a login operation. Fix "config push user" on the server side. |
Tags And Properties
- branch=trunk inherited from [a28c83647d]
- sym-trunk inherited from [a28c83647d]
Changes
Modified src/db.c from [d9d1c45fb2] to [594da7eeb0].
@@ -1203,13 +1203,10 @@ ** editor Text editor command used for check-in comments. ** ** gdiff-command External command to run when performing a graphical ** diff. If undefined, text diff will be used. ** -** inherit-anon If enabled, any web user inherits capabilities from -** anonymous as well as nobody. -** ** localauth If enabled, require that HTTP connections from ** 127.0.0.1 be authenticated by password. If ** false, all HTTP requests from localhost have ** unrestricted access to the repository. ** @@ -1234,11 +1231,10 @@ static const char *azName[] = { "autosync", "diff-command", "editor", "gdiff-command", - "inherit-anon", "localauth", "clearsign", "pgp-command", "proxy", "web-browser",
Modified src/login.c from [1a6cb22669] to [e06e3ddfda].
@@ -66,31 +66,43 @@ } return zCookieName; } /* +** Redirect to the page specified by the "g" query parameter. +** Or if there is no "g" query parameter, redirect to the homepage. +*/ +static void redirect_to_g(void){ + const char *zGoto = P("g"); + if( zGoto ){ + cgi_redirect(zGoto); + }else{ + fossil_redirect_home(); + } +} + +/* ** WEBPAGE: /login ** WEBPAGE: /logout ** ** Generate the login page */ void login_page(void){ - const char *zUsername, *zPasswd, *zGoto; + const char *zUsername, *zPasswd; const char *zNew1, *zNew2; const char *zAnonPw = 0; int anonFlag; char *zErrMsg = ""; login_check_credentials(); zUsername = P("u"); zPasswd = P("p"); - zGoto = PD("g","index"); anonFlag = P("anon")!=0; if( P("out")!=0 ){ const char *zCookieName = login_cookie_name(); cgi_set_cookie(zCookieName, "", 0, -86400); - cgi_redirect(zGoto); + redirect_to_g(); } if( g.okPassword && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){ if( db_int(1, "SELECT 0 FROM user" " WHERE uid=%d AND pw=%Q", g.userUid, zPasswd) ){ sleep(1); @@ -109,11 +121,11 @@ ; }else{ db_multi_exec( "UPDATE user SET pw=%Q WHERE uid=%d", zNew1, g.userUid ); - cgi_redirect(zGoto); + redirect_to_g(); return; } } if( zUsername!=0 && zPasswd!=0 && zPasswd[0]!=0 ){ int uid = db_int(0, @@ -142,11 +154,11 @@ "UPDATE user SET cookie=%Q, ipaddr=%Q, " " cexpire=julianday('now')+%d/86400.0 WHERE uid=%d", zCookie, zIpAddr, expires, uid ); } - cgi_redirect(zGoto); + redirect_to_g(); } } style_header("Login/Logout"); @ %s(zErrMsg) @ <form action="login" method="POST"> 
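Review bot: The new `redirect_to_g()` passes the request-supplied `g` parameter to `cgi_redirect()` with no check on where it points, so a crafted login link could send a user to another site right after they authenticate, if `cgi_redirect()` accepts absolute URLs (its body is not shown here). The helper is called from the logout path in this hunk and from the password-change and login-success paths in the two following hunks, so one check inside it covers all three. I would accept only a target on this site (no scheme, no leading `//` or backslash, no CR/LF) and fall back to `fossil_redirect_home()` otherwise, starting from something like `if( zGoto && zGoto[0]!=0 && strchr(zGoto, ':')==0 && strncmp(zGoto, "//", 2)!=0 ){`. The header comment should also record the trust level, for example `** "g" comes from the request and must name a page on this site.`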
@@ -323,16 +335,16 @@ void login_set_capabilities(const char *zCap){ static char *zDev = 0; int i; for(i=0; zCap[i]; i++){ switch( zCap[i] ){ - case 's': g.okSetup = 1; + case 's': g.okSetup = 1; /* Fall thru into Admin */ case 'a': g.okAdmin = g.okRdTkt = g.okWrTkt = g.okRdWiki = g.okWrWiki = g.okNewWiki = g.okApndWiki = g.okHistory = g.okClone = g.okNewTkt = g.okPassword = g.okRdAddr = - g.okTktFmt = 1; + g.okTktFmt = 1; /* Fall thru into Read/Write */ case 'i': g.okRead = g.okWrite = 1; break; case 'o': g.okRead = 1; break; case 'z': g.okZip = 1; break; case 'd': g.okDelete = 1; break;
Modified src/setup.c from [5836f2e874] to [02f0a51bf7].
@@ -618,23 +618,17 @@ db_begin_transaction(); @ <form action="%s(g.zBaseURL)/setup_access" method="POST"> login_insert_csrf_secret(); @ <hr> onoff_attribute("Require password for local access", - "localauth", "localauth", 1); + "localauth", "localauth", 0); @ <p>When enabled, the password sign-in is required for @ web access coming from 127.0.0.1. When disabled, web access @ from 127.0.0.1 is allows without any login - the user id is selected @ from the ~/.fossil database. Password login is always required @ for incoming web connections on internet addresses other than @ 127.0.0.1.</p></li> - - @ <hr> - onoff_attribute("Inherit capabilities from anonymous user", - "inherit-anon", "inherit-anon", 0); - @ <p>When enabled, all web users inherit capabilities from - @ "anonymous", as well as from "nobody".</p></li> @ <hr> entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766"); @ <p>The number of hours for which a login is valid. This must be a @ positive number. The default is 8760 hours which is approximately equal
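Review bot: With the `localauth` default passed to `onoff_attribute()` now 0, requests from 127.0.0.1 get unrestricted access unless an administrator turns the setting on. That covers traffic forwarded by a reverse proxy or tunnel on the same host, and other accounts on a shared machine. The fourth argument appears to be the value shown when the setting is unset. It should be checked against the default that the credential check applies, which is outside this hunk, so the page never shows a state the server is not enforcing. The help text would benefit from one more line such as `@ Enable this if the server is reached through a proxy or tunnel on the same host.` The surrounding function starts and ends outside the hunk.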
Modified src/xfer.c from [0092468c7d] to [7e978b3ecc].
@@ -725,14 +725,10 @@ @ error not\sauthorized\sto\spush\sconfiguration nErr++; break; } if( zName[0]!='@' ){ - if( !recvConfig ){ - configure_prepare_to_receive(0); - recvConfig = 1; - } db_multi_exec( "REPLACE INTO config(name,value) VALUES(%Q,%Q)", zName, blob_str(&content) ); }else{ @@ -739,10 +735,14 @@ /* Notice that we are evaluating arbitrary SQL received from the ** client. But this can only happen if the client has authenticated ** as an administrator, so presumably we trust the client at this ** point. */ + if( !recvConfig ){ + configure_prepare_to_receive(0); + recvConfig = 1; + } db_multi_exec("%s", blob_str(&content)); } blob_reset(&content); blob_seek(xfer.pIn, 1, BLOB_SEEK_CUR); }else
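Review bot: The `@` branch still runs the whole client-supplied blob through `db_multi_exec("%s", ...)`, so the only barrier between a sync client and arbitrary SQL on the server repository is the authorization test whose failure branch appears at the top of the first hunk. The condition of that test is outside the hunk, so it is worth confirming that it requires the administrator capability the comment assumes rather than ordinary push rights. As defense in depth, consider installing an SQLite authorizer (`sqlite3_set_authorizer`) around this call that permits writes only to the tables a configuration push is expected to touch. Since `configure_prepare_to_receive(0)` now runs only before the first SQL blob, a comment such as `/* Prepare once, before the first SQL blob; plain name/value entries skip this */` would record the intent, which is presumably that name/value entries need no preparation.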