Overview
SHA1 Hash: | 60212796377638c9444935d8e80a9cdac819a0ed |
---|---|
Date: | 2009-09-11 23:04:50 |
User: | drh |
Comment: | Make sure that "nobody" and "anonymous" privileges are inherited by users who attempt to sync with higher privileges. |
Tags And Properties
- branch=trunk inherited from [a28c83647d]
- sym-trunk inherited from [a28c83647d]
Changes
[hide diffs]Modified src/login.c from [97ffb4096e] to [1773187215].
@@ -296,12 +296,10 @@
 void login_check_credentials(void){
 int uid = 0; /* User id */
 const char *zCookie; /* Text of the login cookie */
 const char *zRemoteAddr; /* IP address of the requestor */
 const char *zCap = 0; /* Capability string */
- const char *zNcap; /* Capabilities of user "nobody" */
- const char *zAcap; /* Capabllities of user "anonymous" */
 /* Only run this check once. */
 if( g.userUid!=0 ) return;
@@ -362,47 +360,69 @@
 blob_reset(&b);
 }
 sqlite3_snprintf(sizeof(g.zCsrfToken), g.zCsrfToken, "%.10s", zCookie);
 }
+ /* If no user found yet, try to log in as "nobody" */
 if( uid==0 ){
 uid = db_int(0, "SELECT uid FROM user WHERE login='nobody'");
 if( uid==0 ){
+ /* If there is no user "nobody", then make one up - with no privileges */
 uid = -1;
 zCap = "";
 }
 strcpy(g.zCsrfToken, "none");
 }
+
+ /* At this point, we know that uid!=0. Find the privileges associated
+ ** with user uid.
+ */
+ assert( uid!=0 );
 if( zCap==0 ){
- if( uid ){
- Stmt s;
- db_prepare(&s, "SELECT login, cap FROM user WHERE uid=%d", uid);
- if( db_step(&s)==SQLITE_ROW ){
- g.zLogin = db_column_malloc(&s, 0);
- zCap = db_column_malloc(&s, 1);
- }
- db_finalize(&s);
+ Stmt s;
+ db_prepare(&s, "SELECT login, cap FROM user WHERE uid=%d", uid);
+ if( db_step(&s)==SQLITE_ROW ){
+ g.zLogin = db_column_malloc(&s, 0);
+ zCap = db_column_malloc(&s, 1);
 }
+ db_finalize(&s);
 if( zCap==0 ){
 zCap = "";
 }
 }
+
+ /* Set the global variables recording the userid and login. The
+ ** "nobody" user is a special case in that g.zLogin==0.
+ */
 g.userUid = uid;
 if( g.zLogin && strcmp(g.zLogin,"nobody")==0 ){
 g.zLogin = 0;
 }
- if( uid && g.zLogin ){
+
+ /* Set the capabilities */
+ login_set_capabilities(zCap);
+ login_set_anon_nobody_capabilities();
+}
+
+/*
+** Add the default privileges of users "nobody" and "anonymous" as appropriate
+** for the user g.zLogin.
+*/
+void login_set_anon_nobody_capabilities(void){
+ static int once = 1;
+ if( g.zLogin && once ){
+ const char *zCap;
 /* All logged-in users inherit privileges from "nobody" */
- zNcap = db_text("", "SELECT cap FROM user WHERE login = 'nobody'");
- login_set_capabilities(zNcap);
+ zCap = db_text("", "SELECT cap FROM user WHERE login = 'nobody'");
+ login_set_capabilities(zCap);
 if( strcmp(g.zLogin, "anonymous")!=0 ){
 /* All logged-in users inherit privileges from "anonymous" */
- zAcap = db_text("", "SELECT cap FROM user WHERE login = 'anonymous'");
- login_set_capabilities(zAcap);
+ zCap = db_text("", "SELECT cap FROM user WHERE login = 'anonymous'");
+ login_set_capabilities(zCap);
 }
- }
- login_set_capabilities(zCap);
+ once = 0;
+ }
 }
 /*
 ** Set the global capability flags based on a capability string.
 */
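Review bot: The `static int once` latch in `login_set_anon_nobody_capabilities()` is cleared only inside the `g.zLogin && once` branch, and the header comment says nothing about that or about the function being a no-op while `g.zLogin==0`. The asymmetry looks deliberate: the call at the end of `login_check_credentials()` can run with `g.zLogin==0` and must leave the latch armed so that the call this commit adds after a successful sync login still grants the inherited privileges. The latch is process-lifetime state, though, so it presumably relies on one request per process; that assumption should be written down. I would extend the comment with `** Takes effect at most once per process, and only once g.zLogin is set; a call made while g.zLogin==0 does nothing and leaves the latch armed.` The start of `login_check_credentials()` lies outside this hunk.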
Modified src/xfer.c from [9487497f92] to [5dff3de1ae].
@@ -382,13 +382,18 @@
 ** Signature generation on the client side is handled by the
 ** http_exchange() routine.
 */
 void check_login(Blob *pLogin, Blob *pNonce, Blob *pSig){
 Stmt q;
- int rc;
-
- db_prepare(&q, "SELECT pw, cap, uid FROM user WHERE login=%B", pLogin);
+ int rc = -1;
+
+ db_prepare(&q,
+ "SELECT pw, cap, uid FROM user"
+ " WHERE login=%B"
+ " AND length(pw)>0",
+ pLogin
+ );
 if( db_step(&q)==SQLITE_ROW ){
 Blob pw, combined, hash;
 blob_zero(&pw);
 db_ephemeral_blob(&q, 0, &pw);
 blob_zero(&combined);
@@ -407,10 +412,15 @@
 g.zLogin = mprintf("%b", pLogin);
 g.zNonce = mprintf("%b", pNonce);
 }
 }
 db_finalize(&q);
+
+ if( rc==0 ){
+ /* If the login was successful. */
+ login_set_anon_nobody_capabilities();
+ }
 }
 /*
 ** Send the content of all files in the unsent table.
 **
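Review bot: The new `AND length(pw)>0` filter in `check_login()` is a security decision with no comment, so a later cleanup could fold the query back onto one line and drop it without noticing. From the visible lines the stored `pw` feeds the `combined`/`hash` blobs, which are presumably checked against `pSig`, so an account with an empty password would have a signature that depends on nothing secret. The filter keeps such accounts from authenticating a sync, and it also excludes NULL passwords, since `length(NULL)>0` is not true in SQL. I would put `/* Accounts with an empty or NULL password can never log in for sync. */` above the `db_prepare()` call. The signature comparison itself lies between this hunk and the next and is not shown.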
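Review bot: The comment `/* If the login was successful. */` sits inside the `if( rc==0 )` body as a sentence fragment and does not say what `rc` holds; the code that assigns it is in the lines elided between the two hunks. Since this branch is what widens a sync user's privileges, I would state the condition above the test, e.g. `/* rc==0 only when the signature matched; add the privileges inherited from "nobody" and "anonymous". */`. The failure path is silent in the lines shown here and `check_login()` returns void, so it is worth confirming that a rejected sync login is reported or logged somewhere else.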