Fossil

Check-in [f7861887]

Overview
Comment: Fix a bug in the schema definition that prevented new repositories from being created. On the server side, check the authentication hash using the appropriate hash algorithm.
SHA1: f7861887d36f0e2c005ba377cd8b31d01990f9bf
User & Date: drh 2017-02-28 22:55:19
Context
2017-03-01 00:34 Avoid unnecessary SHA1 calls in the bundle.c module. check-in: 527d4edd user: drh tags: fossil-2.0
2017-02-28 22:55 Fix a bug in the schema definition that prevented new repositories from being created. On the server side, check the authentication hash using the appropriate hash algorithm. check-in: f7861887 user: drh tags: fossil-2.0
2017-02-28 22:34 Fix the FOSSIL_VERSION_NUMBER macro so that it is always of the form XYYZZ X is the major version number (ex: 2) and YY is the minor version number and ZZ is the patch number, or 0. check-in: 2dce6a92 user: drh tags: fossil-2.0
Changes

Changes to src/schema.c.

117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
@ -- Each entry in the ALIAS table provides an alternative name by which an
@ -- artifact can be called.
@ --
@ CREATE TABLE alias(
@   hval TEXT,                      -- Hex-encoded hash value
@   htype ANY,                      -- Type of hash.
@   rid INTEGER REFERENCES blob,    -- Blob that this hash names
@   PRIMARY KEY(hval,htype,id)
@ ) WITHOUT ROWID;
@ CREATE INDEX alias_rid ON alias(rid);
@
@ -- Information about users
@ --
@ -- The user.pw field can be either cleartext of the password, or
@ -- a SHA1 hash of the password.  If the user.pw field is exactly 40







|







117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
@ -- Each entry in the ALIAS table provides an alternative name by which an
@ -- artifact can be called.
@ --
@ CREATE TABLE alias(
@   hval TEXT,                      -- Hex-encoded hash value
@   htype ANY,                      -- Type of hash.
@   rid INTEGER REFERENCES blob,    -- Blob that this hash names
@   PRIMARY KEY(hval,htype,rid)
@ ) WITHOUT ROWID;
@ CREATE INDEX alias_rid ON alias(rid);
@
@ -- Information about users
@ --
@ -- The user.pw field can be either cleartext of the password, or
@ -- a SHA1 hash of the password.  If the user.pw field is exactly 40
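
Review bot: With rid in PRIMARY KEY(hval,htype,rid) on the alias table, the same (hval,htype) pair can be stored for several different blobs, so the schema itself does not guarantee that an alias resolves to exactly one artifact. If that is intended, the table comment should say so; if not, the key should be (hval,htype) alone, with alias_rid kept for the reverse lookup. The htype column comment ("Type of hash.") would also be easier to check against the verification code if it listed the values that column can hold.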

Changes to src/xfer.c.

719
720
721
722
723
724
725
726
727



728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
    blob_appendf(pXfer->pOut, "gimme %s\n", zUuid);
    pXfer->nGimmeSent++;
  }
  db_finalize(&q);
}

/*
** Compute an SHA1 hash on the tail of pMsg.  Verify that it matches the
** the hash given in pHash.  Return non-zero for an error and 0 on success.



*/
static int check_tail_hash(Blob *pHash, Blob *pMsg){
  Blob tail;
  Blob h2;
  int rc;
  blob_tail(pMsg, &tail);
  sha1sum_blob(&tail, &h2);
  rc = blob_compare(pHash, &h2);
  blob_reset(&h2);
  blob_reset(&tail);
  return rc;
}

/*
** Check the signature on an application/x-fossil payload received by
** the HTTP server.  The signature is a line of the following form:
**
**        login LOGIN NONCE SIGNATURE







|

>
>
>






|
<
<

|







719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737


738
739
740
741
742
743
744
745
746
    blob_appendf(pXfer->pOut, "gimme %s\n", zUuid);
    pXfer->nGimmeSent++;
  }
  db_finalize(&q);
}

/*
** Compute an hash on the tail of pMsg.  Verify that it matches the
** the hash given in pHash.  Return non-zero for an error and 0 on success.
**
** The type of hash computed (SHA1, SHA3-224, SHA3-256) is determined by
** the length of the input hash in pHash.
*/
static int check_tail_hash(Blob *pHash, Blob *pMsg){
  Blob tail;
  Blob h2;
  int rc;
  blob_tail(pMsg, &tail);
  rc = hname_verify_hash(&tail, blob_buffer(pHash), blob_size(pHash));


  blob_reset(&tail);
  return rc==HNAME_ERROR;
}

/*
** Check the signature on an application/x-fossil payload received by
** the HTTP server.  The signature is a line of the following form:
**
**        login LOGIN NONCE SIGNATURE
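
Review bot: In check_tail_hash the result is now `rc==HNAME_ERROR`, so every other value returned by hname_verify_hash counts as a match; please confirm that it returns HNAME_ERROR when the length of pHash fits none of SHA1, SHA3-224 or SHA3-256, and state that in the header comment, since the hash length comes from the login line sent by the client. For the same reason the comment should note that the algorithm is selected by the sender, so a SHA1-length value is still accepted on the server side. The declaration `Blob h2;` has no remaining use in the new body and can be dropped, and the header comment has two small typos ("an hash", "the the").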