kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-27 14:41:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged revisions 114591 via svnmerge from

Browse Source 
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r114591 | russell | 2008-04-23 12:55:31 -0500 (Wed, 23 Apr 2008) | 5 lines

Store the manager session ID explicitly as 4 byte ID instead of a ulong.  The
mansession_id cookie is coded to be limited to 8 characters of hex, and this
could break logins from 64-bit machines in some cases.
(inspired by AST-20)

........


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@114592 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Russell Bryant
2008-04-23 18:01:00 +00:00
parent 0fa42f819a
commit c0308de13e
2 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
include/asterisk/manager.h
View File

@@ -157,7 +157,7 @@ int ast_manager_unregister( char *action );
* \retval 1 if the session has the permission mask capabilities * \retval 1 if the session has the permission mask capabilities
* \retval 0 otherwise * \retval 0 otherwise
*/ */
int astman_verify_session_readpermissions(unsigned long ident, int perm); int astman_verify_session_readpermissions(uint32_t ident, int perm);
/*! /*!
* \brief Verify a session's write permissions against a permission mask. * \brief Verify a session's write permissions against a permission mask.
@@ -166,7 +166,7 @@ int astman_verify_session_readpermissions(unsigned long ident, int perm);
* \retval 1 if the session has the permission mask capabilities, otherwise 0 * \retval 1 if the session has the permission mask capabilities, otherwise 0
* \retval 0 otherwise * \retval 0 otherwise
*/ */
int astman_verify_session_writepermissions(unsigned long ident, int perm); int astman_verify_session_writepermissions(uint32_t ident, int perm);
/*! \brief External routines may send asterisk manager events this way /*! \brief External routines may send asterisk manager events this way
* \param category Event category, matches manager authorization * \param category Event category, matches manager authorization

14
main/manager.c
View File

@@ -154,7 +154,7 @@ struct mansession {
int inuse; /*!< number of HTTP sessions using this entry */ int inuse; /*!< number of HTTP sessions using this entry */
int needdestroy; /*!< Whether an HTTP session should be destroyed */ int needdestroy; /*!< Whether an HTTP session should be destroyed */
pthread_t waiting_thread; /*!< Sleeping thread using this descriptor */ pthread_t waiting_thread; /*!< Sleeping thread using this descriptor */
unsigned long managerid; /*!< Unique manager identifier, 0 for AMI sessions */ uint32_t managerid; /*!< Unique manager identifier, 0 for AMI sessions */
time_t sessionstart; /*!< Session start time */ time_t sessionstart; /*!< Session start time */
time_t sessiontimeout; /*!< Session timeout if HTTP */ time_t sessiontimeout; /*!< Session timeout if HTTP */
char username[80]; /*!< Logged in username */ char username[80]; /*!< Logged in username */
@@ -3209,7 +3209,7 @@ static char *contenttype[] = {
* the value of the mansession_id cookie (0 is not valid and means * the value of the mansession_id cookie (0 is not valid and means
* a session on the AMI socket). * a session on the AMI socket).
*/ */
static struct mansession *find_session(unsigned long ident) static struct mansession *find_session(uint32_t ident)
{ {
struct mansession *s; struct mansession *s;
@@ -3230,7 +3230,7 @@ static struct mansession *find_session(unsigned long ident)
return s; return s;
} }
int astman_verify_session_readpermissions(unsigned long ident, int perm) int astman_verify_session_readpermissions(uint32_t ident, int perm)
{ {
int result = 0; int result = 0;
struct mansession *s; struct mansession *s;
@@ -3249,7 +3249,7 @@ int astman_verify_session_readpermissions(unsigned long ident, int perm)
return result; return result;
} }
int astman_verify_session_writepermissions(unsigned long ident, int perm) int astman_verify_session_writepermissions(uint32_t ident, int perm)
{ {
int result = 0; int result = 0;
struct mansession *s; struct mansession *s;
@@ -3504,7 +3504,7 @@ static struct ast_str *generic_http_callback(enum output_format format,
char **title, int *contentlength) char **title, int *contentlength)
{ {
struct mansession *s = NULL; struct mansession *s = NULL;
unsigned long ident = 0; /* invalid, so find_session will fail if not set through the cookie */ uint32_t ident = 0;
int blastaway = 0; int blastaway = 0;
struct ast_variable *v; struct ast_variable *v;
char template[] = "/tmp/ast-http-XXXXXX"; /* template for temporary file */ char template[] = "/tmp/ast-http-XXXXXX"; /* template for temporary file */
@@ -3515,7 +3515,7 @@ static struct ast_str *generic_http_callback(enum output_format format,
for (v = params; v; v = v->next) { for (v = params; v; v = v->next) {
if (!strcasecmp(v->name, "mansession_id")) { if (!strcasecmp(v->name, "mansession_id")) {
sscanf(v->value, "%lx", &ident); sscanf(v->value, "%x", &ident);
break; break;
} }
} }
@@ -3582,7 +3582,7 @@ static struct ast_str *generic_http_callback(enum output_format format,
ast_str_append(&out, 0, ast_str_append(&out, 0,
"Content-type: text/%s\r\n" "Content-type: text/%s\r\n"
"Cache-Control: no-cache;\r\n" "Cache-Control: no-cache;\r\n"
"Set-Cookie: mansession_id=\"%08lx\"; Version=\"1\"; Max-Age=%d\r\n" "Set-Cookie: mansession_id=\"%08x\"; Version=\"1\"; Max-Age=%d\r\n"
"\r\n", "\r\n",
contenttype[format], contenttype[format],
s->managerid, httptimeout); s->managerid, httptimeout);