[asterisk-commits] russell: branch 1.6.0 r114593 - in /branches/1.6.0: ./ include/asterisk/ main/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Apr 23 13:01:43 CDT 2008 

Author: russell
Date: Wed Apr 23 13:01:42 2008
New Revision: 114593

URL: http://svn.digium.com/view/asterisk?view=rev&rev=114593
Log:
Merged revisions 114592 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/trunk

................
r114592 | russell | 2008-04-23 13:01:00 -0500 (Wed, 23 Apr 2008) | 13 lines

Merged revisions 114591 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r114591 | russell | 2008-04-23 12:55:31 -0500 (Wed, 23 Apr 2008) | 5 lines

Store the manager session ID explicitly as 4 byte ID instead of a ulong.  The
mansession_id cookie is coded to be limited to 8 characters of hex, and this
could break logins from 64-bit machines in some cases.
(inspired by AST-20)

........

................

Modified:
    branches/1.6.0/   (props changed)
    branches/1.6.0/include/asterisk/manager.h
    branches/1.6.0/main/manager.c

Propchange: branches/1.6.0/
------------------------------------------------------------------------------
Binary property 'trunk-merged' - no diff available.

Modified: branches/1.6.0/include/asterisk/manager.h
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/include/asterisk/manager.h?view=diff&rev=114593&r1=114592&r2=114593
==============================================================================
--- branches/1.6.0/include/asterisk/manager.h (original)
+++ branches/1.6.0/include/asterisk/manager.h Wed Apr 23 13:01:42 2008
@@ -157,7 +157,7 @@
  * \retval 1 if the session has the permission mask capabilities
  * \retval 0 otherwise
  */
-int astman_verify_session_readpermissions(unsigned long ident, int perm);
+int astman_verify_session_readpermissions(uint32_t ident, int perm);
 
 /*!
  * \brief Verify a session's write permissions against a permission mask.  
@@ -166,7 +166,7 @@
  * \retval 1 if the session has the permission mask capabilities, otherwise 0
  * \retval 0 otherwise
  */
-int astman_verify_session_writepermissions(unsigned long ident, int perm);
+int astman_verify_session_writepermissions(uint32_t ident, int perm);
 
 /*! \brief External routines may send asterisk manager events this way 
  *  	\param category	Event category, matches manager authorization

Modified: branches/1.6.0/main/manager.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/main/manager.c?view=diff&rev=114593&r1=114592&r2=114593
==============================================================================
--- branches/1.6.0/main/manager.c (original)
+++ branches/1.6.0/main/manager.c Wed Apr 23 13:01:42 2008
@@ -153,7 +153,7 @@
 	int inuse;		/*!< number of HTTP sessions using this entry */
 	int needdestroy;	/*!< Whether an HTTP session should be destroyed */
 	pthread_t waiting_thread;	/*!< Sleeping thread using this descriptor */
-	unsigned long managerid;	/*!< Unique manager identifier, 0 for AMI sessions */
+	uint32_t managerid;	/*!< Unique manager identifier, 0 for AMI sessions */
 	time_t sessionstart;    /*!< Session start time */
 	time_t sessiontimeout;	/*!< Session timeout if HTTP */
 	char username[80];	/*!< Logged in username */
@@ -3140,7 +3140,7 @@
  * the value of the mansession_id cookie (0 is not valid and means
  * a session on the AMI socket).
  */
-static struct mansession *find_session(unsigned long ident)
+static struct mansession *find_session(uint32_t ident)
 {
 	struct mansession *s;
 
@@ -3161,7 +3161,7 @@
 	return s;
 }
 
-int astman_verify_session_readpermissions(unsigned long ident, int perm)
+int astman_verify_session_readpermissions(uint32_t ident, int perm)
 {
 	int result = 0;
 	struct mansession *s;
@@ -3180,7 +3180,7 @@
 	return result;
 }
 
-int astman_verify_session_writepermissions(unsigned long ident, int perm)
+int astman_verify_session_writepermissions(uint32_t ident, int perm)
 {
 	int result = 0;
 	struct mansession *s;
@@ -3435,7 +3435,7 @@
 					     char **title, int *contentlength)
 {
 	struct mansession *s = NULL;
-	unsigned long ident = 0; /* invalid, so find_session will fail if not set through the cookie */
+	uint32_t ident = 0;
 	int blastaway = 0;
 	struct ast_variable *v;
 	char template[] = "/tmp/ast-http-XXXXXX";	/* template for temporary file */
@@ -3446,7 +3446,7 @@
 
 	for (v = params; v; v = v->next) {
 		if (!strcasecmp(v->name, "mansession_id")) {
-			sscanf(v->value, "%lx", &ident);
+			sscanf(v->value, "%x", &ident);
 			break;
 		}
 	}
@@ -3513,7 +3513,7 @@
 	ast_str_append(&out, 0,
 		       "Content-type: text/%s\r\n"
 		       "Cache-Control: no-cache;\r\n"
-		       "Set-Cookie: mansession_id=\"%08lx\"; Version=\"1\"; Max-Age=%d\r\n"
+		       "Set-Cookie: mansession_id=\"%08x\"; Version=\"1\"; Max-Age=%d\r\n"
 		       "\r\n",
 			contenttype[format],
 			s->managerid, httptimeout);

More information about the asterisk-commits mailing list