/*
** Compute the shared secret for a user.
*/
static void user_sha1_shared_secret_func(
sqlite3_context *context,
int argc,
sqlite3_value **argv
){
char *zPw;
char *zLogin;
assert( argc==2 );
zPw = (char*)sqlite3_value_text(argv[0]);
zLogin = (char*)sqlite3_value_text(argv[1]);
if( zPw && zLogin ){
sqlite3_result_text(context, sha1_shared_secret(zPw, zLogin), -1, free);
}
}
/*
** COMMAND: user
**
** Usage: %fossil user SUBCOMMAND ... ?-R|--repository FILE?
**
** Run various subcommands on users of the open repository or of
** the repository identified by the -R or --repository option.
**
** %fossil user capabilities USERNAME ?STRING?
**
** Query or set the capabilities for user USERNAME
**
** %fossil user default ?USERNAME?
**
** Query or set the default user. The default user is the
** user for command-line interaction.
**
** %fossil user list
**
** List all users known to the repository
**
** %fossil user new ?USERNAME? ?CONTACT-INFO? ?PASSWORD?
**
** Create a new user in the repository. Users can never be
** deleted. They can be denied all access but they must continue
** to exist in the database.
**
** %fossil user password USERNAME ?PASSWORD?
**
** Change the web access password for a user.
*/
void user_cmd(void){
int n;
db_find_and_open_repository(1);
if( g.argc<3 ){
usage("capabilities|default|list|new|password ...");
}
n = strlen(g.argv[2]);
if( n>=2 && strncmp(g.argv[2],"new",n)==0 ){
Blob passwd, login, contact;
char *zPw;
if( g.argc>=4 ){
blob_init(&login, g.argv[3], -1);
}else{
prompt_user("login: "******"SELECT 1 FROM user WHERE login=%B", &login) ){
fossil_fatal("user %b already exists", &login);
}
if( g.argc>=5 ){
blob_init(&contact, g.argv[4], -1);
}else{
prompt_user("contact-info: ", &contact);
}
if( g.argc>=6 ){
blob_init(&passwd, g.argv[5], -1);
}else{
prompt_for_password("password: "******"INSERT INTO user(login,pw,cap,info)"
"VALUES(%B,%Q,'v',%B)",
&login, zPw, &contact
);
free(zPw);
}else if( n>=2 && strncmp(g.argv[2],"default",n)==0 ){
user_select();
if( g.argc==3 ){
printf("%s\n", g.zLogin);
}else{
if( !db_exists("SELECT 1 FROM user WHERE login=%Q", g.argv[3]) ){
fossil_fatal("no such user: %s", g.argv[3]);
}
if( g.localOpen ){
db_lset("default-user", g.argv[3]);
}else{
db_set("default-user", g.argv[3], 0);
}
}
}else if( n>=2 && strncmp(g.argv[2],"list",n)==0 ){
Stmt q;
db_prepare(&q, "SELECT login, info FROM user ORDER BY login");
while( db_step(&q)==SQLITE_ROW ){
printf("%-12s %s\n", db_column_text(&q, 0), db_column_text(&q, 1));
}
db_finalize(&q);
}else if( n>=2 && strncmp(g.argv[2],"password",2)==0 ){
char *zPrompt;
int uid;
Blob pw;
if( g.argc!=4 && g.argc!=5 ) usage("password USERNAME ?NEW-PASSWORD?");
uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", g.argv[3]);
if( uid==0 ){
fossil_fatal("no such user: %s", g.argv[3]);
}
if( g.argc==5 ){
blob_init(&pw, g.argv[4], -1);
}else{
zPrompt = mprintf("new passwd for %s: ", g.argv[3]);
prompt_for_password(zPrompt, &pw, 1);
}
if( blob_size(&pw)==0 ){
printf("password unchanged\n");
}else{
char *zSecret = sha1_shared_secret(blob_str(&pw), g.argv[3]);
db_multi_exec("UPDATE user SET pw=%Q WHERE uid=%d", zSecret, uid);
free(zSecret);
}
}else if( n>=2 && strncmp(g.argv[2],"capabilities",2)==0 ){
int uid;
if( g.argc!=4 && g.argc!=5 ){
usage("user capabilities USERNAME ?PERMISSIONS?");
}
uid = db_int(0, "SELECT uid FROM user WHERE login=%Q", g.argv[3]);
if( uid==0 ){
fossil_fatal("no such user: %s", g.argv[3]);
}
if( g.argc==5 ){
db_multi_exec(
"UPDATE user SET cap=%Q WHERE uid=%d", g.argv[4],
uid
);
}
printf("%s\n", db_text(0, "SELECT cap FROM user WHERE uid=%d", uid));
}else{
fossil_panic("user subcommand should be one of: "
"capabilities default list new password");
}
}
/*
** Expects pUser to contain fossil user fields in JSON form: name,
** uid, info, capabilities, password.
**
** At least one of (name, uid) must be included. All others are
** optional and their db fields will not be updated if those fields
** are not included in pUser.
**
** If uid is specified then name may refer to a _new_ name
** for a user, otherwise the name must refer to an existing user.
** If uid=-1 then the name must be specified and a new user is
** created (fails if one already exists).
**
** If uid is not set, this function might modify pUser to contain the
** db-found (or inserted) user ID.
**
** On error g.json's error state is set and one of the FSL_JSON_E_xxx
** values from FossilJsonCodes is returned.
**
** On success the db record for the given user is updated.
**
** Requires either Admin, Setup, or Password access. Non-admin/setup
** users can only change their own information. Non-setup users may
** not modify the 's' permission. Admin users without setup
** permissions may not edit any other user who has the 's' permission.
**
*/
int json_user_update_from_json( cson_object * pUser ){
#define CSTR(X) cson_string_cstr(cson_value_get_string( cson_object_get(pUser, X ) ))
char const * zName = CSTR("name");
char const * zNameNew = zName;
char * zNameFree = NULL;
char const * zInfo = CSTR("info");
char const * zCap = CSTR("capabilities");
char const * zPW = CSTR("password");
cson_value const * forceLogout = cson_object_get(pUser, "forceLogout");
int gotFields = 0;
#undef CSTR
cson_int_t uid = cson_value_get_integer( cson_object_get(pUser, "uid") );
char const tgtHasSetup = zCap && (NULL!=strchr(zCap, 's'));
char tgtHadSetup = 0;
Blob sql = empty_blob;
Stmt q = empty_Stmt;
#if 0
if(!g.perm.Admin && !g.perm.Setup && !g.perm.Password){
return json_set_err( FSL_JSON_E_DENIED,
"Password change requires 'a', 's', "
"or 'p' permissions.");
}
#endif
if(uid<=0 && (!zName||!*zName)){
return json_set_err(FSL_JSON_E_MISSING_ARGS,
"One of 'uid' or 'name' is required.");
}else if(uid>0){
zNameFree = db_text(NULL, "SELECT login FROM user WHERE uid=%d",uid);
if(!zNameFree){
return json_set_err(FSL_JSON_E_RESOURCE_NOT_FOUND,
"No login found for uid %d.", uid);
}
zName = zNameFree;
}else if(-1==uid){
/* try to create a new user */
if(!g.perm.Admin && !g.perm.Setup){
json_set_err(FSL_JSON_E_DENIED,
"Requires 'a' or 's' privileges.");
goto error;
}else if(!zName || !*zName){
json_set_err(FSL_JSON_E_MISSING_ARGS,
"No name specified for new user.");
goto error;
}else if( db_exists("SELECT 1 FROM user WHERE login=%Q", zName) ){
json_set_err(FSL_JSON_E_RESOURCE_ALREADY_EXISTS,
"User %s already exists.", zName);
goto error;
}else{
Stmt ins = empty_Stmt;
db_prepare(&ins, "INSERT INTO user (login) VALUES(%Q)",zName);
db_step( &ins );
db_finalize(&ins);
uid = db_int(0,"SELECT uid FROM user WHERE login=%Q", zName);
assert(uid>0);
zNameNew = zName;
cson_object_set( pUser, "uid", cson_value_new_integer(uid) );
}
}else{
uid = db_int(0,"SELECT uid FROM user WHERE login=%Q", zName);
if(uid<=0){
json_set_err(FSL_JSON_E_RESOURCE_NOT_FOUND,
"No login found for user [%s].", zName);
goto error;
}
cson_object_set( pUser, "uid", cson_value_new_integer(uid) );
}
/* Maintenance note: all error-returns from here on out should go
via 'goto error' in order to clean up.
*/
if(uid != g.userUid){
if(!g.perm.Admin && !g.perm.Setup){
json_set_err(FSL_JSON_E_DENIED,
"Changing another user's data requires "
"'a' or 's' privileges.");
goto error;
}
}
/* check if the target uid currently has setup rights. */
tgtHadSetup = db_int(0,"SELECT 1 FROM user where uid=%d"
" AND cap GLOB '*s*'", uid);
if((tgtHasSetup || tgtHadSetup) && !g.perm.Setup){
/*
Do not allow a non-setup user to set or remove setup
privileges. setup.c uses similar logic.
*/
json_set_err(FSL_JSON_E_DENIED,
"Modifying 's' users/privileges requires "
"'s' privileges.");
goto error;
}
/*
Potential todo: do not allow a setup user to remove 's' from
himself, to avoid locking himself out?
*/
blob_append(&sql, "UPDATE user SET",-1 );
blob_append(&sql, " mtime=cast(strftime('%s') AS INTEGER)", -1);
if((uid>0) && zNameNew){
/* Check for name change... */
if(0!=strcmp(zName,zNameNew)){
if( (!g.perm.Admin && !g.perm.Setup)
&& (zName != zNameNew)){
json_set_err( FSL_JSON_E_DENIED,
"Modifying user names requires 'a' or 's' privileges.");
goto error;
}
forceLogout = cson_value_true()
/* reminders: 1) does not allocate.
2) we do this because changing a name
invalidates any login token because the old name
is part of the token hash.
*/;
blob_append_sql(&sql, ", login=%Q", zNameNew);
++gotFields;
}
}
if( zCap && *zCap ){
if(!g.perm.Admin || !g.perm.Setup){
/* we "could" arguably silently ignore cap in this case. */
json_set_err(FSL_JSON_E_DENIED,
"Changing capabilities requires 'a' or 's' privileges.");
goto error;
}
blob_append_sql(&sql, ", cap=%Q", zCap);
++gotFields;
}
if( zPW && *zPW ){
if(!g.perm.Admin && !g.perm.Setup && !g.perm.Password){
json_set_err( FSL_JSON_E_DENIED,
"Password change requires 'a', 's', "
"or 'p' permissions.");
goto error;
}else{
#define TRY_LOGIN_GROUP 0 /* login group support is not yet implemented. */
#if !TRY_LOGIN_GROUP
char * zPWHash = NULL;
++gotFields;
zPWHash = sha1_shared_secret(zPW, zNameNew ? zNameNew : zName, NULL);
blob_append_sql(&sql, ", pw=%Q", zPWHash);
free(zPWHash);
#else
++gotFields;
blob_append_sql(&sql, ", pw=coalesce(shared_secret(%Q,%Q,"
"(SELECT value FROM config WHERE name='project-code')))",
zPW, zNameNew ? zNameNew : zName);
/* shared_secret() func is undefined? */
#endif
}
}
if( zInfo ){
blob_append_sql(&sql, ", info=%Q", zInfo);
++gotFields;
}
if((g.perm.Admin || g.perm.Setup)
&& forceLogout && cson_value_get_bool(forceLogout)){
blob_append(&sql, ", cookie=NULL, cexpire=NULL", -1);
++gotFields;
}
if(!gotFields){
json_set_err( FSL_JSON_E_MISSING_ARGS,
"Required user data are missing.");
goto error;
}
assert(uid>0);
#if !TRY_LOGIN_GROUP
blob_append_sql(&sql, " WHERE uid=%d", uid);
#else /* need name for login group support :/ */
blob_append_sql(&sql, " WHERE login=%Q", zName);
#endif
#if 0
puts(blob_str(&sql));
cson_output_FILE( cson_object_value(pUser), stdout, NULL );
#endif
db_prepare(&q, "%s", blob_sql_text(&sql));
db_exec(&q);
db_finalize(&q);
#if TRY_LOGIN_GROUP
if( zPW || cson_value_get_bool(forceLogout) ){
Blob groupSql = empty_blob;
char * zErr = NULL;
blob_append_sql(&groupSql,
"INSERT INTO user(login)"
" SELECT %Q WHERE NOT EXISTS(SELECT 1 FROM user WHERE login=%Q);",
zName, zName
);
blob_append(&groupSql, blob_str(&sql), blob_size(&sql));
login_group_sql(blob_str(&groupSql), NULL, NULL, &zErr);
blob_reset(&groupSql);
if( zErr ){
json_set_err( FSL_JSON_E_UNKNOWN,
"Repo-group update at least partially failed: %s",
zErr);
free(zErr);
goto error;
}
}
#endif /* TRY_LOGIN_GROUP */
#undef TRY_LOGIN_GROUP
free( zNameFree );
blob_reset(&sql);
return 0;
error:
assert(0 != g.json.resultCode);
free(zNameFree);
blob_reset(&sql);
return g.json.resultCode;
}
