static gboolean
search_cb (GtkButton *button,
gpointer user_data)
{
search_dialog *dialog = (search_dialog *)user_data;
gchar *sane_str, *url;
const gchar *str;
gboolean result;
str = gtk_entry_get_text(GTK_ENTRY(dialog->search_entry));
if (strlen(str) == 0)
return FALSE;
gtk_list_store_clear(GTK_LIST_STORE(dialog->result_mdl));
if ((sane_str = sanitize_str(str)) == NULL)
return FALSE;
url = g_strdup_printf("/search/search?where=%s", sane_str);
g_free(sane_str);
result = http_get_buffer(url, "xoap.weather.com", dialog->proxy_host, dialog->proxy_port,
&dialog->recv_buffer, cb_searchdone, (gpointer)dialog);
g_free(url);
return result;
}
static void read_test(const char *path)
{
char buf[BUFFER_SIZE];
int fd;
ssize_t count;
if (exclude && !fnmatch(exclude, path, FNM_EXTMATCH)) {
if (verbose)
tst_res(TINFO, "Ignoring %s", path);
return;
}
if (verbose)
tst_res(TINFO, "%s(%s)", __func__, path);
fd = open(path, O_RDONLY | O_NONBLOCK);
if (fd < 0) {
if (!quiet)
tst_res(TINFO | TERRNO, "open(%s)", path);
return;
}
count = read(fd, buf, sizeof(buf) - 1);
if (count > 0 && verbose) {
sanitize_str(buf, count);
tst_res(TINFO, "read(%s, buf) = %zi, buf = %s",
path, count, buf);
} else if (!count && verbose) {
tst_res(TINFO, "read(%s) = EOF", path);
} else if (count < 0 && !quiet) {
tst_res(TINFO | TERRNO, "read(%s)", path);
}
SAFE_CLOSE(fd);
}
/*
* Read and parse the first message from client in the context of a SCRAM
* authentication exchange message.
*
* At this stage, any errors will be reported directly with ereport(ERROR).
*/
static void
read_client_first_message(scram_state *state, char *input)
{
char *channel_binding_type;
input = pstrdup(input);
/*------
* The syntax for the client-first-message is: (RFC 5802)
*
* saslname = 1*(value-safe-char / "=2C" / "=3D")
* ;; Conforms to <value>.
*
* authzid = "a=" saslname
* ;; Protocol specific.
*
* cb-name = 1*(ALPHA / DIGIT / "." / "-")
* ;; See RFC 5056, Section 7.
* ;; E.g., "tls-server-end-point" or
* ;; "tls-unique".
*
* gs2-cbind-flag = ("p=" cb-name) / "n" / "y"
* ;; "n" -> client doesn't support channel binding.
* ;; "y" -> client does support channel binding
* ;; but thinks the server does not.
* ;; "p" -> client requires channel binding.
* ;; The selected channel binding follows "p=".
*
* gs2-header = gs2-cbind-flag "," [ authzid ] ","
* ;; GS2 header for SCRAM
* ;; (the actual GS2 header includes an optional
* ;; flag to indicate that the GSS mechanism is not
* ;; "standard", but since SCRAM is "standard", we
* ;; don't include that flag).
*
* username = "******" saslname
* ;; Usernames are prepared using SASLprep.
*
* reserved-mext = "m=" 1*(value-char)
* ;; Reserved for signaling mandatory extensions.
* ;; The exact syntax will be defined in
* ;; the future.
*
* nonce = "r=" c-nonce [s-nonce]
* ;; Second part provided by server.
*
* c-nonce = printable
*
* client-first-message-bare =
* [reserved-mext ","]
* username "," nonce ["," extensions]
*
* client-first-message =
* gs2-header client-first-message-bare
*
* For example:
* n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL
*
* The "n,," in the beginning means that the client doesn't support
* channel binding, and no authzid is given. "n=user" is the username.
* However, in PostgreSQL the username is sent in the startup packet, and
* the username in the SCRAM exchange is ignored. libpq always sends it
* as an empty string. The last part, "r=fyko+d2lbbFgONRv9qkxdawL" is
* the client nonce.
*------
*/
/*
* Read gs2-cbind-flag. (For details see also RFC 5802 Section 6 "Channel
* Binding".)
*/
state->cbind_flag = *input;
switch (*input)
{
case 'n':
/*
* The client does not support channel binding or has simply
* decided to not use it. In that case just let it go.
*/
if (state->channel_binding_in_use)
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("malformed SCRAM message"),
errdetail("The client selected SCRAM-SHA-256-PLUS, but the SCRAM message does not include channel binding data.")));
input++;
if (*input != ',')
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("malformed SCRAM message"),
errdetail("Comma expected, but found character \"%s\".",
sanitize_char(*input))));
input++;
break;
case 'y':
/*
* The client supports channel binding and thinks that the server
* does not. In this case, the server must fail authentication if
* it supports channel binding.
*/
if (state->channel_binding_in_use)
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("malformed SCRAM message"),
errdetail("The client selected SCRAM-SHA-256-PLUS, but the SCRAM message does not include channel binding data.")));
#ifdef HAVE_BE_TLS_GET_CERTIFICATE_HASH
if (state->port->ssl_in_use)
ereport(ERROR,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
errmsg("SCRAM channel binding negotiation error"),
errdetail("The client supports SCRAM channel binding but thinks the server does not. "
"However, this server does support channel binding.")));
#endif
input++;
if (*input != ',')
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("malformed SCRAM message"),
errdetail("Comma expected, but found character \"%s\".",
sanitize_char(*input))));
input++;
break;
case 'p':
/*
* The client requires channel binding. Channel binding type
* follows, e.g., "p=tls-server-end-point".
*/
if (!state->channel_binding_in_use)
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("malformed SCRAM message"),
errdetail("The client selected SCRAM-SHA-256 without channel binding, but the SCRAM message includes channel binding data.")));
channel_binding_type = read_attr_value(&input, 'p');
/*
* The only channel binding type we support is
* tls-server-end-point.
*/
if (strcmp(channel_binding_type, "tls-server-end-point") != 0)
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
(errmsg("unsupported SCRAM channel-binding type \"%s\"",
sanitize_str(channel_binding_type)))));
break;
default:
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("malformed SCRAM message"),
errdetail("Unexpected channel-binding flag \"%s\".",
sanitize_char(*input))));
}
/*
* Forbid optional authzid (authorization identity). We don't support it.
*/
if (*input == 'a')
ereport(ERROR,
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
errmsg("client uses authorization identity, but it is not supported")));
if (*input != ',')
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("malformed SCRAM message"),
errdetail("Unexpected attribute \"%s\" in client-first-message.",
sanitize_char(*input))));
input++;
state->client_first_message_bare = pstrdup(input);
/*
* Any mandatory extensions would go here. We don't support any.
*
* RFC 5802 specifies error code "e=extensions-not-supported" for this,
* but it can only be sent in the server-final message. We prefer to fail
* immediately (which the RFC also allows).
*/
if (*input == 'm')
ereport(ERROR,
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
errmsg("client requires an unsupported SCRAM extension")));
/*
* Read username. Note: this is ignored. We use the username from the
* startup message instead, still it is kept around if provided as it
* proves to be useful for debugging purposes.
*/
state->client_username = read_attr_value(&input, 'n');
/* read nonce and check that it is made of only printable characters */
state->client_nonce = read_attr_value(&input, 'r');
if (!is_scram_printable(state->client_nonce))
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("non-printable characters in SCRAM nonce")));
/*
* There can be any number of optional extensions after this. We don't
* support any extensions, so ignore them.
*/
while (*input != '\0')
read_any_attr(&input, NULL);
/* success! */
}
int fill_context(HWND hwnd,int ctrl,FILE *f)
{
char buf[512];
int i,len,count;
__int64 offset,line;
offset=_ftelli64(f);
if(binary){
current_line=offset;
line=offset-(line_count/2)*16;
if(line<0)line=0;
_fseeki64(f,line,SEEK_SET);
fill_line_col(hwnd,IDC_ROWNUMBER,line);
}
else{
count=seek_line_relative(f,line_count/2,-1);
line=current_line-count;
if(line<=0)
line=1;
if(current_line<=0)
current_line=1;
fill_line_col(hwnd,IDC_ROWNUMBER,line);
}
SendDlgItemMessage(hwnd,ctrl,EM_GETSEL,&edit_sel_pos,0);
SetDlgItemText(hwnd,ctrl,"");
for(i=0;i<line_count;i++){
buf[0]=0;
if(binary){
len=fread(buf,1,16,f);
if(len<=0)
break;
buf[16]=0;
format_hex_str(buf,len,buf+16,sizeof(buf)-16);
strncpy(buf,buf+16,sizeof(buf));
len=strlen(buf);
}
else{
__int64 pos=0;
int buf_size=sizeof(buf);
pos=_ftelli64(f);
if(fgets(buf,buf_size-1,f)==0)
break;
buf[buf_size-1]=0;
pos=_ftelli64(f)-pos;
len=(int)pos;
if(len>buf_size-1)
len=buf_size-1;
sanitize_str(buf,len);
if(buf[len-1]!='\n'){
char *s=buf+buf_size-3;
purge_string(f,0x10000);
if(len>buf_size-3)
s=buf+buf_size-3;
else
s=buf+len-3;
s[0]='\r';
s[1]='\n';
s[2]=0;
}
}
add_line(hwnd,ctrl,buf);
}
SendDlgItemMessage(hwnd,ctrl,EM_SETSEL,edit_sel_pos,edit_sel_pos);
_fseeki64(f,offset,SEEK_SET);
return TRUE;
}
