Fossil

Check-in [e8b76a69]
Overview
Comment: Remove some debug/test printfs that were mistakenly left in the previous commit.
SHA1: e8b76a69ae48bed2502194d43a78dde483d36e04
User & Date: drh 2010-01-09 22:34:15
Context
2010-01-10
00:07
Fixes to the configurable "report list". Load the correct default TH script when no report list script is specified. Send and receive the report list TH script together with other ticket configuration scripts. check-in: cd93f596 user: drh tags: experimental
2010-01-09
22:34
Remove some debug/test printfs that were mistakenly left in the previous commit. check-in: e8b76a69 user: drh tags: experimental
22:03
Store passwords in USER.PW as either cleartext (as is done in legacy) or as the SHA1 hash of the password. When changing a password or adding a new user, always use the SHA1 hash password. check-in: cfe33dcf user: drh tags: experimental
Changes

Changes to src/xfer.c.

    szPw = blob_size(&pw);
    blob_zero(&combined);
    blob_copy(&combined, pNonce);
    blob_append(&combined, blob_buffer(&pw), szPw);
    sha1sum_blob(&combined, &hash);
    assert( blob_size(&hash)==40 );
    rc = blob_compare(&hash, pSig);
fprintf(stderr,"login card %s for %s with szpw=%d\n",rc?"miss":"hit",zLogin,szPw);
    blob_reset(&hash);
    blob_reset(&combined);
    if( rc!=0 && szPw!=40 ){
      /* If this server stores cleartext passwords and the password did not
      ** match, then perhaps the client is sending SHA1 passwords.  Try
      ** again with the SHA1 password.
      */
................................................................................
      sha1sum_blob(&pw, &pw);
      blob_zero(&combined);
      blob_copy(&combined, pNonce);
      blob_append(&combined, blob_buffer(&pw), blob_size(&pw));
      blob_reset(&pw);
      sha1sum_blob(&combined, &hash);
      rc = blob_compare(&hash, pSig);
fprintf(stderr,"login card %s for %s after pw hashing\n",rc?"miss":"hit",zLogin);
      blob_reset(&hash);
      blob_reset(&combined);
    }
    if( rc==0 ){
      const char *zCap;
      zCap = db_column_text(&q, 1);
      login_set_capabilities(zCap);







    szPw = blob_size(&pw);
    blob_zero(&combined);
    blob_copy(&combined, pNonce);
    blob_append(&combined, blob_buffer(&pw), szPw);
    sha1sum_blob(&combined, &hash);
    assert( blob_size(&hash)==40 );
    rc = blob_compare(&hash, pSig);

    blob_reset(&hash);
    blob_reset(&combined);
    if( rc!=0 && szPw!=40 ){
      /* If this server stores cleartext passwords and the password did not
      ** match, then perhaps the client is sending SHA1 passwords.  Try
      ** again with the SHA1 password.
      */
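Review bot: At the spot after `rc = blob_compare(&hash, pSig);` where the fprintf was dropped, any future diagnostic should be compiled out by default and should not print `szPw`. The deleted line sent the login name, the hit/miss result and the stored password length to stderr for every login card, and because `szPw!=40` is the test used just below to tell cleartext from SHA1 storage, that length also showed how each account's password is stored. The line was unguarded; wrapping such traces in a debug macro would keep a forgotten one from reaching a server build.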
................................................................................
      sha1sum_blob(&pw, &pw);
      blob_zero(&combined);
      blob_copy(&combined, pNonce);
      blob_append(&combined, blob_buffer(&pw), blob_size(&pw));
      blob_reset(&pw);
      sha1sum_blob(&combined, &hash);
      rc = blob_compare(&hash, pSig);

      blob_reset(&hash);
      blob_reset(&combined);
    }
    if( rc==0 ){
      const char *zCap;
      zCap = db_column_text(&q, 1);
      login_set_capabilities(zCap);
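Review bot: In the retry path, `rc = blob_compare(&hash, pSig);` is the authentication decision, and it compares a server-computed digest against the client-supplied `pSig`; if blob_compare stops at the first differing byte, its running time depends on how much of the signature is correct. The same applies to the first comparison earlier in the function. Consider a constant-time equality check for both, since only equality is needed here and not ordering. Separately, the fprintf deleted after that line reported per user whether the match succeeded only after hashing, so its removal also stops stderr from recording which accounts still have cleartext passwords.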