diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2014-01-16 19:39:17 (JST) |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2014-01-16 20:13:39 (JST) |
commit | b826537cb4aa2358027ffcb1dd6a87274734e962 (patch) | |
tree | 7c749c66d868cb996828d2b65a4bede58b5ebd62 /cgit.c | |
parent | d6e9200cc35411f3f27426b608bcfdef9348e6d3 (diff) | |
download | cgit-b826537cb4aa2358027ffcb1dd6a87274734e962.zip cgit-b826537cb4aa2358027ffcb1dd6a87274734e962.tar.gz |
authentication: use hidden form instead of referer
This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'cgit.c')
-rw-r--r-- | cgit.c | 22 |
1 files changed, 8 insertions, 14 deletions
@@ -614,22 +614,19 @@ static inline void open_auth_filter(struct cgit_context *ctx, const char *functi | |||
614 | ctx->qry.url ? ctx->qry.url : ""); | 614 | ctx->qry.url ? ctx->qry.url : ""); |
615 | } | 615 | } |
616 | 616 | ||
617 | /* We intentionally keep this rather small, instead of looping and | ||
618 | * feeding it to the filter a couple bytes at a time. This way, the | ||
619 | * filter itself does not need to handle any denial of service or | ||
620 | * buffer bloat issues. If this winds up being too small, people | ||
621 | * will complain on the mailing list, and we'll increase it as needed. */ | ||
617 | #define MAX_AUTHENTICATION_POST_BYTES 4096 | 622 | #define MAX_AUTHENTICATION_POST_BYTES 4096 |
623 | /* The filter is expected to spit out "Status: " and all headers. */ | ||
618 | static inline void authenticate_post(struct cgit_context *ctx) | 624 | static inline void authenticate_post(struct cgit_context *ctx) |
619 | { | 625 | { |
620 | if (ctx->env.http_referer && strlen(ctx->env.http_referer) > 0) { | ||
621 | html("Status: 302 Redirect\n"); | ||
622 | html("Cache-Control: no-cache, no-store\n"); | ||
623 | htmlf("Location: %s\n", ctx->env.http_referer); | ||
624 | } else { | ||
625 | html("Status: 501 Missing Referer\n"); | ||
626 | html("Cache-Control: no-cache, no-store\n\n"); | ||
627 | exit(0); | ||
628 | } | ||
629 | |||
630 | open_auth_filter(ctx, "authenticate-post"); | ||
631 | char buffer[MAX_AUTHENTICATION_POST_BYTES]; | 626 | char buffer[MAX_AUTHENTICATION_POST_BYTES]; |
632 | int len; | 627 | int len; |
628 | |||
629 | open_auth_filter(ctx, "authenticate-post"); | ||
633 | len = ctx->env.content_length; | 630 | len = ctx->env.content_length; |
634 | if (len > MAX_AUTHENTICATION_POST_BYTES) | 631 | if (len > MAX_AUTHENTICATION_POST_BYTES) |
635 | len = MAX_AUTHENTICATION_POST_BYTES; | 632 | len = MAX_AUTHENTICATION_POST_BYTES; |
@@ -637,10 +634,7 @@ static inline void authenticate_post(struct cgit_context *ctx) | |||
637 | die_errno("Could not read POST from stdin"); | 634 | die_errno("Could not read POST from stdin"); |
638 | if (write(STDOUT_FILENO, buffer, len) < 0) | 635 | if (write(STDOUT_FILENO, buffer, len) < 0) |
639 | die_errno("Could not write POST to stdout"); | 636 | die_errno("Could not write POST to stdout"); |
640 | /* The filter may now spit out a Set-Cookie: ... */ | ||
641 | cgit_close_filter(ctx->cfg.auth_filter); | 637 | cgit_close_filter(ctx->cfg.auth_filter); |
642 | |||
643 | html("\n"); | ||
644 | exit(0); | 638 | exit(0); |
645 | } | 639 | } |
646 | 640 | ||