Timestamp:
May 8, 2009, 2:35:23 PM (13 years ago)
Author:
charles
Message:

(1.5x) revert r8352; it's not a sufficient fix

File:
1 edited

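--- a/branches/1.5x/libtransmission/rpc-server.c
+++ b/branches/1.5x/libtransmission/rpc-server.c
@@ -30,5 +30,4 @@
 #include "transmission.h"
 #include "bencode.h"
-#include "crypto.h"
 #include "list.h"
 #include "platform.h"
@@ -55,5 +54,4 @@
     struct evhttp *    httpd;
     tr_session *       session;
-    char *             sessionId;
     char *             username;
     char *             password;
@@ -448,30 +446,7 @@
 }
 
-static char*
-session_id_new( void )
-{
-    int i;
-    const int n = 48;
-    const char * pool = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
-    const size_t pool_size = strlen( pool );
-    char * buf = tr_new( char, n+1 );
-    for( i=0; i<n; ++i )
-        buf[i] = pool[ tr_cryptoRandInt( pool_size ) ];
-    buf[n] = '\0';
-    return buf;
-}
-
-static tr_bool
-test_session_id( struct tr_rpc_server * server, struct evhttp_request * req )
-{
-    char * needle = tr_strdup_printf( "session_id=%s", server->sessionId );
-    const char * haystack = evhttp_find_header( req->input_headers, "Cookie" );
-    const tr_bool success = (haystack!=NULL) && (strstr(haystack,needle)!=NULL);
-    tr_free( needle );
-    return success;
-}
-
-static void
-handle_request( struct evhttp_request * req, void * arg )
+static void
+handle_request( struct evhttp_request * req,
+                void *                  arg )
 {
     struct tr_rpc_server * server = arg;
@@ -480,14 +455,11 @@
     {
         const char * auth;
-        char * user = NULL;
-        char * pass = NULL;
-        char * cookie;
+        char *       user = NULL;
+        char *       pass = NULL;
 
         evhttp_add_header( req->output_headers, "Server", MY_REALM );
-        cookie = tr_strdup_printf( "session_id=%s;Path=/;Discard", server->sessionId );
-        evhttp_add_header( req->output_headers, "Set-Cookie", cookie );
-        tr_free( cookie );
 
         auth = evhttp_find_header( req->input_headers, "Authorization" );
+
         if( auth && !strncasecmp( auth, "basic ", 6 ) )
         {
@@ -503,5 +475,5 @@
         if( !isAddressAllowed( server, req->remote_host ) )
         {
-            send_simple_response( req, 403,
+            send_simple_response( req, 401,
                 "<p>Unauthorized IP Address.</p>"
                 "<p>Either disable the IP address whitelist or add your address to it.</p>"
@@ -533,8 +505,4 @@
         {
             handle_clutch( req, server );
-        }
-        else if( !test_session_id( server, req ) )
-        {
-            send_simple_response( req, 409, "<p>Invalid session_id cookie.</p>" );
         }
         else if( !strncmp( req->uri, "/transmission/rpc", 17 ) )
@@ -774,5 +742,4 @@
     s = tr_new0( tr_rpc_server, 1 );
     s->session = session;
-    s->sessionId = session_id_new( );
 
     found = tr_bencDictFindInt( settings, TR_PREFS_KEY_RPC_ENABLED, &i );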
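Review bot: With `test_session_id()` and its `else if` branch removed, none of the visible hunks leaves a request-origin check in front of the `/transmission/rpc` branch of `handle_request()`, so the handler appears to rely on Basic auth and the IP whitelist alone; the commit message calls the cookie check insufficient, but nothing replaces it here. A browser attaches cookies to cross-site requests automatically, which is presumably why the cookie did not help; the follow-up should require a per-session token that the client echoes in a custom request header, and until then the branch deserves a marker such as `/* FIXME: no cross-site request check since r8352 was reverted */`. Separately, the revert restores `send_simple_response( req, 401,` for a whitelist rejection; 403 describes that case better because resending credentials cannot fix it, so consider keeping `send_simple_response( req, 403,`. The body of `handle_request()` continues outside these hunks, so a check elsewhere in it cannot be ruled out.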