X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=cgi-auth-flexible.git;a=blobdiff_plain;f=cgi-auth-flexible.pm;h=e52441b802b1647dff1f927fd7018ee7aa959827;hp=a141877df270f8c6a111fe125ffd85230ad50b57;hb=4b63ec666089ffd49b6b83c787a3a9a980bcf6a9;hpb=ec2fdb61f044bb0db25602faae2a4f2c1400791e diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm index a141877..e52441b 100644 --- a/cgi-auth-flexible.pm +++ b/cgi-auth-flexible.pm @@ -387,7 +387,8 @@ sub srcdump_dirscan_prepare ($$) { close $reportfh or die $!; srcdump_install($c,$v, $dumpdir, 'licence', 'text/plain'); $!=0; - my @cmd = (qw(tar -zvvcf), "$dumpdir/source.tmp", + my @cmd = (qw(sh -ec), 'exec >&2 "$@"', qw(x), + qw(tar -zvvcf), "$dumpdir/source.tmp", "-C", $dumpdir, qw( --), @srcfiles); my $r = system(@cmd); if ($r) { @@ -700,7 +701,6 @@ sub construct_cookie ($$$) { # any - POST nrmuoi bug or attack, fail # any - GET rmuoi bug or attack, fail # any any GET muoi bug or attack, fail - # any t any nrmu bug or attack, fail # # - - GET O "just logged out" page # (any other) O bug or attack, fail @@ -745,38 +745,38 @@ sub construct_cookie ($$$) { # revoke y2 # treat as y1 n POST # - # y n GET n intra-site link from stale page, + # y nt GET n intra-site link from stale page, # treat as cross-site link, show data # - # y n POST n m intra-site form submission from stale page + # y nt POST n m intra-site form submission from stale page # show "session interrupted" # with link to main data page # - # y n GET r intra-site request from stale page + # y nt GET r intra-site request from stale page # fail # - # y n POST r u intra-site request from stale page + # y nt POST r u intra-site request from stale page # fail # - # -/n y2 GET nr intra-site link from cleared session + # -n y2 GET nr intra-site link from cleared session # do not revoke y2 as not RESTful # treat as -/n n GET # - # -/n y2 POST nrmu request from cleared session + # -n y2 POST nrmu request from cleared session # revoke y2 # treat as -/n n POST # - # -/n -/n GET n cross-site link but user not logged in + # -nt -nt GET n cross-site link but user not logged in # show login form with redirect to orig params # generate fresh cookie # - # -/n n GET rmu user not logged in + # -nt nt GET rmu user not logged in # fail # - # -/n n POST n m user not logged in + # -nt nt POST n m user not logged in # show login form # - # -/n n POST r u user not logged in + # -nt nt POST r u user not logged in # fail sub _check_divert_core ($) { @@ -843,7 +843,7 @@ sub _check_divert_core ($) { " enabled. You must enable cookies". " as we use them for login."), _CookieRaw => $r->_fresh_secret(), - Params => $r->_chain_params() }) + Params => $r->chain_params() }) } if (!$cookt || $cookt eq 'n' || $cookh ne $parmh) { $r->_db_revoke($cookh); @@ -861,18 +861,17 @@ sub _check_divert_core ($) { return ({ Kind => 'LOGIN-BAD', Message => $login_errormessage, _CookieRaw => $cooks, - Params => $r->_chain_params() }) + Params => $r->chain_params() }) } $r->_db_record_login_ok($parmh,$username); return ({ Kind => 'REDIRECT-LOGGEDIN', Message => $r->_gt("Logging in..."), _CookieRaw => $cooks, - Params => $r->_chain_params() }); + Params => $r->chain_params() }); } if ($cookt eq 't') { $cookt = ''; } - die if $parmt eq 't'; if ($cookt eq 'y' && $parmt eq 'y' && $cookh ne $parmh) { $r->_db_revoke($parmh) if $meth eq 'POST'; @@ -881,13 +880,13 @@ sub _check_divert_core ($) { if ($cookt ne 'y') { die unless !$cookt || $cookt eq 'n'; - die unless !$parmt || $parmt eq 'n' || $parmt eq 'y'; + die unless !$parmt || $parmt eq 't' || $parmt eq 'n' || $parmt eq 'y'; my $news = $r->_fresh_secret(); if ($meth eq 'GET') { return ({ Kind => 'LOGIN-INCOMINGLINK', Message => $r->_gt("You need to log in."), _CookieRaw => $news, - Params => $r->_chain_params() }); + Params => $r->chain_params() }); } else { $r->_db_revoke($parmh); return ({ Kind => 'LOGIN-FRESH', @@ -921,14 +920,7 @@ sub _check_divert_core ($) { return undef; } -sub _chain_params ($) { -# =item C<< $authreq->_chain_params() >> -# -# Returns a hash of the "relevant" parameters to this request, in a form -# used by C. This is all of the query parameters -# which are not related to CGI::Auth::Flexible. The PATH_INFO from the -# request is returned as the parameter C<< '' >>. - +sub chain_params ($) { my ($r) = @_; my %p = %{ $r->_ch('get_params') }; foreach my $pncn (keys %{ $r->{S} }) { @@ -1035,16 +1027,17 @@ sub check_divert ($) { $r->{Divert} = $r->_db_transaction(sub { $r->_check_divert_core(); }); $dbh->commit(); - my $cookraw = $r->{_CookieRaw}; - $r->{CookieSecret} = $r->_blind($cookraw); + my $divert = $r->{Divert}; + my $cookraw = $divert && $divert->{_CookieRaw}; if ($cookraw) { - $r->{Params}{$r->{S}{assoc_param_name}} = [ + $divert->{CookieSecret} = $r->_blind($cookraw); + $divert->{Params}{$r->{S}{assoc_param_name}} = [ $r->_blind($r->hash($cookraw)) ]; } - $r->_debug(Data::Dumper->Dump([$r->{Divert}],[qw(divert)])); - return $r->{Divert}; + $r->_debug(Data::Dumper->Dump([$divert],[qw(divert)])); + return $divert; } sub get_divert ($) { @@ -1183,13 +1176,13 @@ sub _blind ($$) { my $mask = $r->_random(($l+1)>>1); $mask = substr $mask, 0, $l; my $blound = $r->_blind_combine($in, $mask); - return "$blound/$mask"; + return "$blound.$mask"; } sub _unblind ($$) { my ($r, $in) = @_; return $in unless $in; - my ($blound,$mask) = ($in =~ m#^(.*)/([0-9a-f]+)$#) or die "$in ?"; + my ($blound,$mask) = ($in =~ m#^(.*)\.([0-9a-f]+)$#) or die "$in ?"; my $l = $r->_blind_len($blound); $l == length($mask) or die "$in ?"; return $r->_blind_combine($blound, $mask); @@ -1367,7 +1360,7 @@ sub check_nonpage ($$) { my ($r, $reqtype) = @_; $r->_assert_checked(); return unless $r->resource_get_needs_secret_hidden($reqtype); - return if $r->{ParmT}; + return if $r->{ParmT} eq 'y'; die "missing hidden secret parameter on nonpage request $reqtype"; }