diff options
| author |  Jason A. Donenfeld <Jason@zx2c4.com> | 2014-01-16 19:39:17 (JST) |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2014-01-16 20:13:39 (JST) |
| commit | b826537cb4aa2358027ffcb1dd6a87274734e962 (patch) | |
| tree | 7c749c66d868cb996828d2b65a4bede58b5ebd62 /cgit.c | |
| parent | d6e9200cc35411f3f27426b608bcfdef9348e6d3 (diff) | |
| download | cgit-b826537cb4aa2358027ffcb1dd6a87274734e962.zip cgit-b826537cb4aa2358027ffcb1dd6a87274734e962.tar.gz | |
authentication: use hidden form instead of referer
This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'cgit.c')
| -rw-r--r-- | cgit.c | 22 |
1 files changed, 8 insertions, 14 deletions
| @@ -614,22 +614,19 @@ static inline void open_auth_filter(struct cgit_context *ctx, const char *functi | |||
| 614 | ctx->qry.url ? ctx->qry.url : ""); | 614 | ctx->qry.url ? ctx->qry.url : ""); |
| 615 | } | 615 | } |
| 616 | 616 | ||
| 617 | /* We intentionally keep this rather small, instead of looping and | ||
| 618 | * feeding it to the filter a couple bytes at a time. This way, the | ||
| 619 | * filter itself does not need to handle any denial of service or | ||
| 620 | * buffer bloat issues. If this winds up being too small, people | ||
| 621 | * will complain on the mailing list, and we'll increase it as needed. */ | ||
| 617 | #define MAX_AUTHENTICATION_POST_BYTES 4096 | 622 | #define MAX_AUTHENTICATION_POST_BYTES 4096 |
| 623 | /* The filter is expected to spit out "Status: " and all headers. */ | ||
| 618 | static inline void authenticate_post(struct cgit_context *ctx) | 624 | static inline void authenticate_post(struct cgit_context *ctx) |
| 619 | { | 625 | { |
| 620 | if (ctx->env.http_referer && strlen(ctx->env.http_referer) > 0) { | ||
| 621 | html("Status: 302 Redirect\n"); | ||
| 622 | html("Cache-Control: no-cache, no-store\n"); | ||
| 623 | htmlf("Location: %s\n", ctx->env.http_referer); | ||
| 624 | } else { | ||
| 625 | html("Status: 501 Missing Referer\n"); | ||
| 626 | html("Cache-Control: no-cache, no-store\n\n"); | ||
| 627 | exit(0); | ||
| 628 | } | ||
| 629 | |||
| 630 | open_auth_filter(ctx, "authenticate-post"); | ||
| 631 | char buffer[MAX_AUTHENTICATION_POST_BYTES]; | 626 | char buffer[MAX_AUTHENTICATION_POST_BYTES]; |
| 632 | int len; | 627 | int len; |
| 628 | |||
| 629 | open_auth_filter(ctx, "authenticate-post"); | ||
| 633 | len = ctx->env.content_length; | 630 | len = ctx->env.content_length; |
| 634 | if (len > MAX_AUTHENTICATION_POST_BYTES) | 631 | if (len > MAX_AUTHENTICATION_POST_BYTES) |
| 635 | len = MAX_AUTHENTICATION_POST_BYTES; | 632 | len = MAX_AUTHENTICATION_POST_BYTES; |
| @@ -637,10 +634,7 @@ static inline void authenticate_post(struct cgit_context *ctx) | |||
| 637 | die_errno("Could not read POST from stdin"); | 634 | die_errno("Could not read POST from stdin"); |
| 638 | if (write(STDOUT_FILENO, buffer, len) < 0) | 635 | if (write(STDOUT_FILENO, buffer, len) < 0) |
| 639 | die_errno("Could not write POST to stdout"); | 636 | die_errno("Could not write POST to stdout"); |
| 640 | /* The filter may now spit out a Set-Cookie: ... */ | ||
| 641 | cgit_close_filter(ctx->cfg.auth_filter); | 637 | cgit_close_filter(ctx->cfg.auth_filter); |
| 642 | |||
| 643 | html("\n"); | ||
| 644 | exit(0); | 638 | exit(0); |
| 645 | } | 639 | } |
| 646 | 640 | ||