X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=cgi-auth-flexible.git;a=blobdiff_plain;f=cgi-auth-flexible.pm;h=a2975199a14a65cbbf5266759e9de6b92bf62cc9;hp=6a3bb9d2285e874811e457962f3ef9a3350dc9cd;hb=d8f2e2818a90ea2fa2ce60985f613875b5e52f7c;hpb=0704efd691abd3aa156ab6295f6d98e5d7b1a506

diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm
index 6a3bb9d..a297519 100644
--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -387,7 +387,8 @@ sub srcdump_dirscan_prepare ($$) {
     close $reportfh or die $!;
     srcdump_install($c,$v, $dumpdir, 'licence', 'text/plain');
     $!=0;
-    my @cmd = (qw(tar -zvvcf), "$dumpdir/source.tmp",
+    my @cmd = (qw(sh -ec), 'exec >&2 "$@"', qw(x),
+               qw(tar -zvvcf), "$dumpdir/source.tmp",
 	       "-C", $dumpdir, qw(  --), @srcfiles);
     my $r = system(@cmd);
     if ($r) {
@@ -478,11 +479,11 @@ sub new_verifier {
 	    },
 	    srcdump_process_item => \&srcdump_process_item,
 	    srcdump_vcs_dirs => [qw(.git .hg .bzr .svn)],
-	    srcdump_vcsscript => [git => "
+	    srcdump_vcsscript => {git => "
                  git ls-files -z
                  git ls-files -z --others --exclude-from=.gitignore
                  find .git -print0
-                            "],
+                            "},
 	    srcdump_byvcs => \&srcdump_byvcs,
 	    srcdump_novcs => \&srcdump_novcs,
 	    srcdump_excludes => [qw(*~ *.bak *.tmp), '#*#'],
@@ -501,14 +502,14 @@ sub new_verifier {
 	$verifier->{S}{$k} = $v;
     }
     $verifier->{S}{db_setup_stmts} //=
-	["CREATE TABLE $v->{S}{db_prefix}_assocs (".
+	["CREATE TABLE $verifier->{S}{db_prefix}_assocs (".
 	 " assochash VARCHAR PRIMARY KEY,".
 	 " username VARCHAR NOT NULL,".
 	 " last INTEGER NOT NULL".
 	 ")"
 	 ,
-	 "CREATE INDEX $v->{S}{db_prefix}_assocs_timeout_index".
-	 " ON $v->{S}{db_prefix}_assocs".
+	 "CREATE INDEX $verifier->{S}{db_prefix}_assocs_timeout_index".
+	 " ON $verifier->{S}{db_prefix}_assocs".
 	 " (last)"
 	];
     bless $verifier, $class;
@@ -787,21 +788,23 @@ sub _check_divert_core ($) {
 	die if $srcdump =~ m/\W/;
 	return ({ Kind => 'SRCDUMP-'.uc $srcdump,
 		  Message => undef,
-		  CookieSecret => undef,
+		  _CookieRaw => undef,
 		  Params => { } });
     }
 
-    my $cooks = $r->_ch('get_cookie');
+    my $cooksraw = $r->_ch('get_cookie');
+    my $cooks = $r->_unblind($cooksraw);
 
     if ($r->{S}{encrypted_only} && !$r->_ch('is_https')) {
         return ({ Kind => 'REDIRECT-HTTPS',
                   Message => $r->_gt("Redirecting to secure server..."),
-                  CookieSecret => undef,
+                  _CookieRaw => undef,
                   Params => { } });
     }
 
     my $meth = $r->_ch('get_method');
-    my $parmh = $r->_rp('assoc_param_name');
+    my $parmhraw = $r->_rp('assoc_param_name');
+    my $parmh = $r->_unblind($parmhraw);
     my $cookh = defined $cooks ? $r->hash($cooks) : undef;
 
     my ($cookt,$cooku) = $r->_identify($cookh, $cooks);
@@ -818,8 +821,10 @@ sub _check_divert_core ($) {
 	$r->_db_revoke($parmh);
 	return ({ Kind => 'REDIRECT-LOGGEDOUT',
 		  Message => $r->_gt("Logging out..."),
-		  CookieSecret => '',
-		  Params => { } });
+		  _CookieRaw => '',
+		  Params => {
+		      $r->{S}{loggedout_param_names}[0] => [ 1 ],
+		  } });
     }
     if ($r->_ch('is_loggedout')) {
 	die unless $meth eq 'GET';
@@ -827,7 +832,7 @@ sub _check_divert_core ($) {
 	die if $parmt;
 	return ({ Kind => 'SMALLPAGE-LOGGEDOUT',
 		  Message => $r->_gt("You have been logged out."),
-		  CookieSecret => '',
+		  _CookieRaw => '',
 		  Params => { } });
     }
     if ($r->_ch('is_login')) {
@@ -838,15 +843,15 @@ sub _check_divert_core ($) {
                       Message => $r->_gt("You do not seem to have cookies".
                                          " enabled.  You must enable cookies".
                                          " as we use them for login."),
-                      CookieSecret => $r->_fresh_secret(),
-                      Params => $r->_chain_params() })
+                      _CookieRaw => $r->_fresh_secret(),
+                      Params => $r->chain_params() })
         }
         if (!$cookt || $cookt eq 'n' || $cookh ne $parmh) {
             $r->_db_revoke($cookh);
             return ({ Kind => 'LOGIN-STALE',
                       Message => $r->_gt("Stale session;".
                                          " you need to log in again."),
-                      CookieSecret => $r->_fresh_secret(),
+                      _CookieRaw => $r->_fresh_secret(),
                       Params => { } })
         }
 	die unless $parmt eq 't' || $parmt eq 'y';
@@ -856,14 +861,14 @@ sub _check_divert_core ($) {
                 if !$login_errormessage;
             return ({ Kind => 'LOGIN-BAD',
                       Message => $login_errormessage,
-                      CookieSecret => $cooks,
-                      Params => $r->_chain_params() })
+                      _CookieRaw => $cooks,
+                      Params => $r->chain_params() })
         }
 	$r->_db_record_login_ok($parmh,$username);
 	return ({ Kind => 'REDIRECT-LOGGEDIN',
 		  Message => $r->_gt("Logging in..."),
-		  CookieSecret => $cooks,
-		  Params => $r->_chain_params() });
+		  _CookieRaw => $cooks,
+		  Params => $r->chain_params() });
     }
     if ($cookt eq 't') {
 	$cookt = '';
@@ -882,13 +887,13 @@ sub _check_divert_core ($) {
 	if ($meth eq 'GET') {
 	    return ({ Kind => 'LOGIN-INCOMINGLINK',
 		      Message => $r->_gt("You need to log in."),
-		      CookieSecret => $news,
-		      Params => $r->_chain_params() });
+		      _CookieRaw => $news,
+		      Params => $r->chain_params() });
 	} else {
 	    $r->_db_revoke($parmh);
 	    return ({ Kind => 'LOGIN-FRESH',
                       Message => $r->_gt("You need to log in."),
-                      CookieSecret => $news,
+                      _CookieRaw => $news,
                       Params => { } });
 	}
     }
@@ -897,7 +902,7 @@ sub _check_divert_core ($) {
 	if ($meth ne 'POST') {
 	    return ({ Kind => 'MAINPAGEONLY',
 		      Message => $r->_gt('Entering via cross-site link.'),
-		      CookieSecret => $cooks,
+		      _CookieRaw => $cooks,
 		      Params => { } });
 	    # NB caller must then ignore params & path!
 	    # if this is too hard they can spit out a small form
@@ -911,20 +916,13 @@ sub _check_divert_core ($) {
         die unless $cookh eq $parmh;
     }
     $r->{ParmT} = $parmt;
-    $r->{AssocSecret} = $cooks;
+    $r->{AssocRaw} = $cooks;
     $r->{UserOK} = $cooku;
 #print STDERR "C-D-C OK\n";
     return undef;
 }
 
-sub _chain_params ($) {
-# =item C<< $authreq->_chain_params() >>
-#
-# Returns a hash of the "relevant" parameters to this request, in a form
-# used by C<url_with_query_params>.  This is all of the query parameters
-# which are not related to CGI::Auth::Flexible.  The PATH_INFO from the
-# request is returned as the parameter C<< '' >>.
-
+sub chain_params ($) {
     my ($r) = @_;
     my %p = %{ $r->_ch('get_params') };
     foreach my $pncn (keys %{ $r->{S} }) {
@@ -1030,8 +1028,18 @@ sub check_divert ($) {
     my $dbh = $r->{Dbh};
     $r->{Divert} = $r->_db_transaction(sub { $r->_check_divert_core(); });
     $dbh->commit();
-    $r->_debug(Data::Dumper->Dump([$r->{Divert}],[qw(divert)]));
-    return $r->{Divert};
+
+    my $divert = $r->{Divert};
+    my $cookraw = $divert && $divert->{_CookieRaw};
+    if ($cookraw) {
+        $divert->{CookieSecret} = $r->_blind($cookraw);
+	$divert->{Params}{$r->{S}{assoc_param_name}} = [
+	    $r->_blind($r->hash($cookraw))
+	    ];
+    }
+
+    $r->_debug(Data::Dumper->Dump([$divert],[qw(divert)]));
+    return $divert;
 }
 
 sub get_divert ($) {
@@ -1091,9 +1099,6 @@ sub check_ok ($) {
 	# for redirects, we honour stored Params and Cookie,
 	# as we would for non-divert
 	if ($kind eq 'REDIRECT-LOGGEDOUT') {
-	    $params->{$r->{S}{loggedout_param_names}[0]} = [ 1 ];
-	} elsif ($kind eq 'REDIRECT-LOGOUT') {
-	    $params->{$r->{S}{logout_param_names}[0]} = [ 1 ];
 	} elsif ($kind =~ m/REDIRECT-(?:LOGGEDIN|HTTPS)/) {
 	} else {
 	    die;
@@ -1109,10 +1114,6 @@ sub check_ok ($) {
 	return 0;
     }
 
-    if (defined $cookiesecret) {
-        $params->{$r->{S}{assoc_param_name}} = [ $r->hash($cookiesecret) ];
-    }
-
     my ($title, @body);
     if ($kind =~ m/^LOGIN-/) {
 	$title = $r->_gt('Login');
@@ -1155,6 +1156,40 @@ sub _random ($$) {
     return $out;
 }
 
+sub _blind_len ($$) {
+    my ($r, $str) = @_;
+    return length($str =~ y/0-9a-f//cdr);
+}
+
+sub _blind_combine ($$$) {
+    my ($r, $in, $mask) = @_;
+    my @mask = split //, $mask;
+    $in =~ s{[0-9a-f]}{
+        my $m = shift @mask;
+        sprintf "%x", hex($m) ^ hex($&);
+    }ge;
+    return $in;
+}
+
+sub _blind ($$) {
+    my ($r, $in) = @_;
+    return $in unless $in;
+    my $l = $r->_blind_len($in);
+    my $mask = $r->_random(($l+1)>>1);
+    $mask = substr $mask, 0, $l;
+    my $blound = $r->_blind_combine($in, $mask);
+    return "$blound.$mask";
+}
+
+sub _unblind ($$) {
+    my ($r, $in) = @_;
+    return $in unless $in;
+    my ($blound,$mask) = ($in =~ m#^(.*)\.([0-9a-f]+)$#) or die "$in ?";
+    my $l = $r->_blind_len($blound);
+    $l == length($mask) or die "$in ?";
+    return $r->_blind_combine($blound, $mask);
+}
+
 sub _random_key ($) {
     my ($r) = @_;
 #print STDERR "_random_key\n";
@@ -1336,13 +1371,13 @@ sub check_nonpage ($$) {
 sub secret_cookie_val ($) {
     my ($r) = @_;
     $r->_assert_checked();
-    return defined $r->{AssocSecret} ? $r->{AssocSecret} : '';
+    return defined $r->{AssocRaw} ? $r->_blind($r->{AssocRaw}) : '';
 }
 
 sub secret_hidden_val ($) {
     my ($r) = @_;
     $r->_assert_checked();
-    return defined $r->{AssocSecret} ? $r->hash($r->{AssocSecret}) : '';
+    return defined $r->{AssocRaw} ? $r->_blind($r->hash($r->{AssocRaw})) : '';
 }
 
 sub secret_hidden_html ($) {