Differences From:
File
src/login.c
part of check-in
[22c1ac41d4]
- Add separate "clone" permissions. Previously, one needed "History"
premission in order to clone. But sometimes we want to grant clone
without granting history.
by
drh on
2007-08-23 19:52:19.
[view]
To:
File
src/login.c
part of check-in
[d2b4469934]
- Append the pathname to the login cookie name so that separate cookies
are used for each server.
by
drh on
2007-11-21 13:52:26.
Also file
src/login.c
part of check-in
[d0305b305a]
- Merged mainline into my branch to get the newest application.
by
aku on
2007-12-05 08:07:46.
[view]
@@ -45,15 +45,27 @@
** has ever existed, and things like that.
*/
#include "config.h"
#include "login.h"
+#ifdef __MINGW32__
+# include <windows.h> /* for Sleep */
+# define sleep Sleep /* windows does not have sleep, but Sleep */
+#endif
#include <time.h>
/*
** Return the name of the login cookie
*/
static char *login_cookie_name(void){
- return "fossil_login";
+ static char *zCookieName = 0;
+ if( zCookieName==0 ){
+ int n = strlen(g.zTop);
+ zCookieName = malloc( n*2+16 );
+ /* 0123456789 12345 */
+ strcpy(zCookieName, "fossil_login_");
+ encode16((unsigned char*)g.zTop, (unsigned char*)&zCookieName[13], n);
+ }
+ return zCookieName;
}
/*
** WEBPAGE: /login
@@ -225,10 +237,9 @@
** local login is disabled, then there is no need to check
** user credentials.
*/
zRemoteAddr = PD("REMOTE_ADDR","nil");
- if( strcmp(zRemoteAddr, "127.0.0.1")==0
- && db_get_int("authenticate-localhost",1)==0 ){
+ if( strcmp(zRemoteAddr, "127.0.0.1")==0 && db_get_int("localauth",0)==0 ){
uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'");
g.zLogin = db_text("?", "SELECT login FROM user WHERE uid=%d", uid);
zCap = "s";
g.noPswd = 1;
@@ -285,12 +296,13 @@
void login_set_capabilities(const char *zCap){
int i;
for(i=0; zCap[i]; i++){
switch( zCap[i] ){
- case 's': g.okSetup = g.okDelete = 1;
+ case 's': g.okSetup = 1;
case 'a': g.okAdmin = g.okRdTkt = g.okWrTkt = g.okQuery =
- g.okRdWiki = g.okWrWiki = g.okHistory =
- g.okNewTkt = g.okPassword = g.okClone = 1;
+ g.okRdWiki = g.okWrWiki = g.okNewWiki =
+ g.okApndWiki = g.okHistory = g.okClone =
+ g.okNewTkt = g.okPassword = g.okRdAddr = 1;
case 'i': g.okRead = g.okWrite = 1; break;
case 'o': g.okRead = 1; break;
case 'd': g.okDelete = 1; break;
@@ -303,15 +315,51 @@
case 'k': g.okWrWiki = g.okRdWiki = g.okApndWiki =1; break;
case 'm': g.okApndWiki = 1; break;
case 'f': g.okNewWiki = 1; break;
+ case 'e': g.okRdAddr = 1; break;
case 'r': g.okRdTkt = 1; break;
case 'n': g.okNewTkt = 1; break;
case 'w': g.okWrTkt = g.okRdTkt = g.okNewTkt =
g.okApndTkt = 1; break;
case 'c': g.okApndTkt = 1; break;
}
}
+}
+
+/*
+** If the current login lacks any of the capabilities listed in
+** the input, then return 0. If all capabilities are present, then
+** return 1.
+*/
+int login_has_capability(const char *zCap, int nCap){
+ int i;
+ int rc = 1;
+ if( nCap<0 ) nCap = strlen(zCap);
+ for(i=0; i<nCap && rc && zCap[i]; i++){
+ switch( zCap[i] ){
+ case 'a': rc = g.okAdmin; break;
+ case 'c': rc = g.okApndTkt; break;
+ case 'd': rc = g.okDelete; break;
+ case 'e': rc = g.okRdAddr; break;
+ case 'f': rc = g.okNewWiki; break;
+ case 'g': rc = g.okClone; break;
+ case 'h': rc = g.okHistory; break;
+ case 'i': rc = g.okWrite; break;
+ case 'j': rc = g.okRdWiki; break;
+ case 'k': rc = g.okWrWiki; break;
+ case 'm': rc = g.okApndWiki; break;
+ case 'n': rc = g.okNewTkt; break;
+ case 'o': rc = g.okRead; break;
+ case 'p': rc = g.okPassword; break;
+ case 'q': rc = g.okQuery; break;
+ case 'r': rc = g.okRdTkt; break;
+ case 's': rc = g.okSetup; break;
+ case 'w': rc = g.okWrTkt; break;
+ default: rc = 0; break;
+ }
+ }
+ return rc;
}
/*
** Call this routine when the credential check fails. It causes