Check-in [09d6a6eb16]
Overview

SHA1 Hash:09d6a6eb1623e3cfb14b00c103ba00889938e88a
Date: 2009-03-29 11:41:52
User: drh
Edited Comment:If no userid is specified in the URL then the client omits the login card from its request.
Original Comment:If no userid is specified in the URL then the client omits the login card from its request.

Tags And Properties
Changes

Modified src/http.c from [2a16b7f520] to [c7f9d7fa7d].

@@ -347,29 +347,25 @@
   Blob hdr;        /* The HTTP request header */
   const char *zSep;
   int i;
   int cnt = 0;
 
-  /* Compute the login card.  This card is of the form:
+  /* If a userid is specified in the URL, then compute the corresponding
+  ** login card.  This card is of the form:
   **
   **      login USERID NONCE SIGNATURE
   **
   ** The NONCE is a unique string - never to be reused.  In this case,
   ** the nonce is the SHA1 hash of the rest of the payload.  The SIGNATURE
   ** is the SHA1 hash of the NONCE and the user password concatenated.
   */
-  blob_zero(&nonce);
-  blob_zero(&pw);
-  sha1sum_blob(pSend, &nonce);
-  blob_copy(&pw, &nonce);
   blob_zero(&login);
-  if( g.urlUser==0 ){
-    user_select();
-    db_blob(&pw, "SELECT pw FROM user WHERE uid=%d", g.userUid);
-    sha1sum_blob(&pw, &sig);
-    blob_appendf(&login, "login %s %b %b\n", g.zLogin, &nonce, &sig);
-  }else{
+  if( g.urlUser ){
+    blob_zero(&nonce);
+    blob_zero(&pw);
+    sha1sum_blob(pSend, &nonce);
+    blob_copy(&pw, &nonce);
     if( g.urlPasswd==0 ){
       if( strcmp(g.urlUser,"anonymous")!=0 ){
         char *zPrompt = mprintf("password for %s: ", g.urlUser);
         Blob x;
         prompt_for_password(zPrompt, &x, 0);
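Review bot: The comment calls the NONCE "never to be reused", yet the new `sha1sum_blob(pSend, &nonce);` inside the `if( g.urlUser )` block derives it from the payload alone, so two requests with identical payloads would carry identical login cards. Whether the receiving side tracks and rejects repeated nonces is not visible in this hunk, so the signature as shown proves knowledge of the password for that payload but not freshness. Since the commit already edits this comment, I would record the limitation there, e.g. `** NOTE: the nonce repeats whenever the payload repeats.` The enclosing function starts before the hunk and its body continues after it.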
@@ -381,14 +377,16 @@
     }
     blob_append(&pw, g.urlPasswd, -1);
     /* printf("presig=[%s]\n", blob_str(&pw)); */
     sha1sum_blob(&pw, &sig);
     blob_appendf(&login, "login %s %b %b\n", g.urlUser, &nonce, &sig);
-  }
-  blob_reset(&nonce);
-  blob_reset(&pw);
-  blob_reset(&sig);
+    blob_reset(&nonce);
+    blob_reset(&pw);
+    blob_reset(&sig);
+  }else{
+    g.urlPasswd = "";
+  }
 
   /* Construct the payload, which includes the login card.
   */
   if( g.fHttpSecure && g.urlPasswd[0] ){
     blob_compress(pSend, pSend);
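Review bot: The new else-branch `g.urlPasswd = "";` repoints a global at a string literal only so that the `g.urlPasswd[0]` test below does not dereference a null pointer. The earlier hunk decides whether to prompt with `if( g.urlPasswd==0 )`, so if the same process later sends a request with a userid set, the empty literal would presumably be signed as the password without prompting; any code outside this hunk that frees or writes through `g.urlPasswd` would also be handed a literal. A local guard avoids touching the global: drop the else-branch and use `if( g.fHttpSecure && g.urlPasswd && g.urlPasswd[0] ){`. The function body continues past the end of the hunk, so other dereferences of `g.urlPasswd` there would need the same check.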