[asterisk-commits] russell: branch 1.4 r114591 - in /branches/1.4: include/asterisk/ main/
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Wed Apr 23 12:55:32 CDT 2008
Author: russell
Date: Wed Apr 23 12:55:31 2008
New Revision: 114591
URL: http://svn.digium.com/view/asterisk?view=rev&rev=114591
Log:
Store the manager session ID explicitly as a 4-byte ID instead of a ulong. The
mansession_id cookie is coded to be limited to 8 characters of hex, and this
could break logins from 64-bit machines in some cases.
(inspired by AST-20)
Modified:
branches/1.4/include/asterisk/manager.h
branches/1.4/main/manager.c
Modified: branches/1.4/include/asterisk/manager.h
URL: http://svn.digium.com/view/asterisk/branches/1.4/include/asterisk/manager.h?view=diff&rev=114591&r1=114590&r2=114591
==============================================================================
--- branches/1.4/include/asterisk/manager.h (original)
+++ branches/1.4/include/asterisk/manager.h Wed Apr 23 12:55:31 2008
@@ -111,7 +111,7 @@
* \param perm permission mask to verify
* \returns 1 if the session has the permission mask capabilities, otherwise 0
*/
-int astman_verify_session_readpermissions(unsigned long ident, int perm);
+int astman_verify_session_readpermissions(uint32_t ident, int perm);
/*!
* \brief Verify a session's write permissions against a permission mask.
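Review bot: Narrowing `ident` to `uint32_t` in this prototype, and in `astman_verify_session_writepermissions` in the next hunk, means any caller that still holds the session ID in an `unsigned long` is converted implicitly at the call, losing the upper bits on LP64 builds without a diagnostic. The commit lists only manager.h and manager.c as modified, so callers in other files, if there are any, were not updated with it; they should parse the cookie into a `uint32_t` as well, so that a value with high bits set cannot match another session's ID after truncation. The `\param ident` text above the hunk is the place to state the contract, for example `\param ident 32-bit session ID, as carried in the 8-hex-digit mansession_id cookie`. The header also needs a definition of `uint32_t` in scope; whether it already includes one is not visible here.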
@@ -119,7 +119,7 @@
* \param perm permission mask to verify
* \returns 1 if the session has the permission mask capabilities, otherwise 0
*/
-int astman_verify_session_writepermissions(unsigned long ident, int perm);
+int astman_verify_session_writepermissions(uint32_t ident, int perm);
/*! External routines may send asterisk manager events this way */
/*! \param category Event category, matches manager authorization
Modified: branches/1.4/main/manager.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/main/manager.c?view=diff&rev=114591&r1=114590&r2=114591
==============================================================================
--- branches/1.4/main/manager.c (original)
+++ branches/1.4/main/manager.c Wed Apr 23 12:55:31 2008
@@ -151,7 +151,7 @@
/*! Whether an HTTP session has someone waiting on events */
pthread_t waiting_thread;
/*! Unique manager identifer */
- unsigned long managerid;
+ uint32_t managerid;
/*! Session timeout if HTTP */
time_t sessiontimeout;
/*! Output from manager interface */
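Review bot: The field comment should record that `managerid` is the value sent back as the `mansession_id` cookie (see the `sprintf` hunk further down), so it acts as the credential for an HTTP manager session and not only as a lookup key. Fixing the type at 32 bits makes the stored value and the cookie agree, but it also caps the identifier at 32 bits, which is small for a bearer token. How the value is generated is outside this diff and is worth checking for a strong random source; a wider token would need a cookie format change. Proposed comment: `/*! Unique manager identifier; 32 bits to match the 8-hex-digit mansession_id cookie that authenticates HTTP sessions */`.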
@@ -2578,7 +2578,7 @@
/*! @}
END Doxygen group */
-static struct mansession *find_session(unsigned long ident)
+static struct mansession *find_session(uint32_t ident)
{
struct mansession *s;
@@ -2596,7 +2596,7 @@
return s;
}
-int astman_verify_session_readpermissions(unsigned long ident, int perm)
+int astman_verify_session_readpermissions(uint32_t ident, int perm)
{
int result = 0;
struct mansession *s;
@@ -2615,7 +2615,7 @@
return result;
}
-int astman_verify_session_writepermissions(unsigned long ident, int perm)
+int astman_verify_session_writepermissions(uint32_t ident, int perm)
{
int result = 0;
struct mansession *s;
@@ -2644,7 +2644,7 @@
static char *generic_http_callback(int format, struct sockaddr_in *requestor, const char *uri, struct ast_variable *params, int *status, char **title, int *contentlength)
{
struct mansession *s = NULL;
- unsigned long ident = 0;
+ uint32_t ident = 0;
char workspace[512];
char cookie[128];
size_t len = sizeof(workspace);
@@ -2655,7 +2655,7 @@
for (v = params; v; v = v->next) {
if (!strcasecmp(v->name, "mansession_id")) {
- sscanf(v->value, "%lx", &ident);
+ sscanf(v->value, "%x", &ident);
break;
}
}
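Review bot: The `sscanf` result is not checked and `%x` places no bound on the digits it consumes, so a malformed or over-long `mansession_id` value from the request either leaves `ident` at 0 or is converted out of range, and the session lookup then proceeds with whatever resulted. `%x` also expects an `unsigned int *`, which only happens to match `uint32_t *` on common ABIs; `SCNx32` from `<inttypes.h>` is the matching specifier. I would write `if (sscanf(v->value, "%8" SCNx32, &ident) != 1) ident = 0;` and confirm that 0 can never be a live session ID, since the code that assigns `managerid` is not in this diff. The same type and specifier pairing appears in the last hunk, where `snprintf(tmp, sizeof(tmp), "%08" PRIx32, s->managerid);` would match the type and bound the write, assuming `tmp` is an array (it is declared outside the hunk). This loop sits inside `generic_http_callback`, whose body starts and ends outside the hunk.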
@@ -2728,7 +2728,7 @@
s->needdestroy = 1;
}
ast_build_string(&c, &len, "Content-type: text/%s\r\n", contenttype[format]);
- sprintf(tmp, "%08lx", s->managerid);
+ sprintf(tmp, "%08x", s->managerid);
ast_build_string(&c, &len, "%s\r\n", ast_http_setcookie("mansession_id", tmp, httptimeout, cookie, sizeof(cookie)));
if (format == FORMAT_HTML)
ast_build_string(&c, &len, "<title>Asterisk™ Manager Interface</title>");