Differences From:
File
src/http.c
part of check-in
[9a23c348b1]
- Infrastructure in place on the client side to encrypt sync traffic. This is
mostly untested so far because we do not yet have a server that understands
encrypted traffic.
by
drh on
2009-03-27 14:32:33.
To:
File
src/http.c
part of check-in
[09d6a6eb16]
- If no userid is specified in the URL then the client omits the login card
from its request.
by
drh on
2009-03-29 11:41:52.
@@ -348,27 +348,23 @@
const char *zSep;
int i;
int cnt = 0;
- /* Compute the login card. This card is of the form:
+ /* If a userid is specified in the URL, then compute the corresponding
+ ** login card. This card is of the form:
**
** login USERID NONCE SIGNATURE
**
** The NONCE is a unique string - never to be reused. In this case,
** the nonce is the SHA1 hash of the rest of the payload. The SIGNATURE
** is the SHA1 hash of the NONCE and the user password concatenated.
*/
- blob_zero(&nonce);
- blob_zero(&pw);
- sha1sum_blob(pSend, &nonce);
- blob_copy(&pw, &nonce);
blob_zero(&login);
- if( g.urlUser==0 ){
- user_select();
- db_blob(&pw, "SELECT pw FROM user WHERE uid=%d", g.userUid);
- sha1sum_blob(&pw, &sig);
- blob_appendf(&login, "login %s %b %b\n", g.zLogin, &nonce, &sig);
- }else{
+ if( g.urlUser ){
+ blob_zero(&nonce);
+ blob_zero(&pw);
+ sha1sum_blob(pSend, &nonce);
+ blob_copy(&pw, &nonce);
if( g.urlPasswd==0 ){
if( strcmp(g.urlUser,"anonymous")!=0 ){
char *zPrompt = mprintf("password for %s: ", g.urlUser);
Blob x;
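Review bot: The comment above `if( g.urlUser ){` still says the NONCE is "never to be reused", but the code derives it with `sha1sum_blob(pSend, &nonce)`, so two requests with byte-identical payloads get the same nonce and therefore the same SIGNATURE. Whether the payload always carries a varying element, and whether the server rejects a repeated nonce, cannot be seen from this hunk. I would state that dependency in the comment, for example `** The nonce is only as unique as the payload; the server must refuse a login card whose nonce it has already seen.` The enclosing function starts before this hunk and the password-prompt branch continues past it.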
@@ -382,12 +378,14 @@
blob_append(&pw, g.urlPasswd, -1);
/* printf("presig=[%s]\n", blob_str(&pw)); */
sha1sum_blob(&pw, &sig);
blob_appendf(&login, "login %s %b %b\n", g.urlUser, &nonce, &sig);
- }
- blob_reset(&nonce);
- blob_reset(&pw);
- blob_reset(&sig);
+ blob_reset(&nonce);
+ blob_reset(&pw);
+ blob_reset(&sig);
+ }else{
+ g.urlPasswd = "";
+ }
/* Construct the payload, which includes the login card.
*/
if( g.fHttpSecure && g.urlPasswd[0] ){
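Review bot: The new `else` branch sets `g.urlPasswd = "";`, which makes the following test `g.fHttpSecure && g.urlPasswd[0]` false, so a sync that asked for encryption but has no userid appears to take the non-secure path without any message (the body of that `if` is outside the hunk, so this is inferred). A request for secure traffic that cannot be honoured should be reported rather than silently downgraded. The use site should also guard the pointer itself, `if( g.fHttpSecure && g.urlPasswd && g.urlPasswd[0] ){`, instead of relying on a string literal being stored into a global that elsewhere holds `blob_str(&x)`. Separately, `blob_reset(&pw)` releases a buffer that held the nonce plus the cleartext password; if `blob_reset` does not clear memory, the buffer should be scrubbed before it is released.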