Initial version of the patches
[transmission-rpc-pam.git] / libtransmission-rpc-server.c.patch
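--- a/libtransmission/rpc-server.c
+++ b/libtransmission/rpc-server.c
@@ -32,6 +32,7 @@
 #include "fdlimit.h"
 #include "list.h"
 #include "net.h"
+#include "native-auth.h"
 #include "platform.h" /* tr_getWebClientDir() */
 #include "ptrarray.h"
 #include "rpcimpl.h"
@@ -56,6 +57,7 @@
 {
     bool               isEnabled;
     bool               isPasswordEnabled;
+    bool               isNativeAuthenticationEnabled;
     bool               isWhitelistEnabled;
     tr_port            port;
     char *             url;
@@ -575,6 +577,35 @@
 }
 
 static bool
+isUserAllowed( struct tr_rpc_server* server, const char * user, const char * pass)
+{
+    bool successAuth;
+
+    if( !server->isPasswordEnabled )
+           return true;
+
+    if( !user || !pass )
+    {
+        return false;
+    }
+
+    if( server->isNativeAuthenticationEnabled )
+    {
+        tr_rpcNativeAuthenticationResult authResult;
+        tr_performNativeAuthentication( user, pass, &authResult);
+        successAuth = (NATIVE_AUTHENTICATON_SUCCESS == authResult);
+    }
+    else
+    {
+        successAuth = !strcmp( server->username, user ) &&
+                      tr_ssha1_matches( server->password, pass);
+    }
+
+    return successAuth;
+}
+
+
+static bool
 test_session_id( struct tr_rpc_server * server, struct evhttp_request * req )
 {
     const char * ours = get_current_session_id( server );
@@ -616,10 +647,7 @@
                 "<p>If you're editing settings.json, see the 'rpc-whitelist' and 'rpc-whitelist-enabled' entries.</p>"
                 "<p>If you're still using ACLs, use a whitelist instead. See the transmission-daemon manpage for details.</p>" );
         }
-        else if( server->isPasswordEnabled
-                 && ( !pass || !user || strcmp( server->username, user )
-                                     || !tr_ssha1_matches( server->password,
-                                                           pass ) ) )
+        else if( !isUserAllowed( server, user, pass ) )
         {
             evhttp_add_header( req->output_headers,
                                "WWW-Authenticate",
@@ -877,6 +905,19 @@
     return server->isPasswordEnabled;
 }
 
+void
+tr_rpcSetNativeAuthenticationEnabled( tr_rpc_server * server, bool isEnabled )
+{
+    server->isNativeAuthenticationEnabled = isEnabled;
+    dbgmsg( "setting 'native authenication enabled' to %d", (int)isEnabled );
+}
+
+bool
+tr_rpcIsNativeAuthenticationEnabled( const tr_rpc_server * server )
+{
+    return server->isNativeAuthenticationEnabled;
+}
+
 const char *
 tr_rpcGetBindAddress( const tr_rpc_server * server )
 {
@@ -961,6 +1002,12 @@
     else
         tr_rpcSetPasswordEnabled( s, boolVal );
 
+    key = TR_PREFS_KEY_RPC_NATIVE_AUTH_ENABLED;
+    if ( !tr_bencDictFindBool( settings, key, &boolVal ) )
+        tr_nerr( MY_NAME, _( "Couldn't find settings key \"%s\"" ), key );
+    else
+        tr_rpcSetNativeAuthenticationEnabled( s, boolVal );
+
     key = TR_PREFS_KEY_RPC_WHITELIST;
     if( !tr_bencDictFindStr( settings, key, &str ) && str )
         tr_nerr( MY_NAME, _( "Couldn't find settings key \"%s\"" ), key );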
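Review bot: The native branch of the new isUserAllowed() never consults `server->username`, so every account that tr_performNativeAuthentication() accepts is granted RPC access, which presumably includes privileged system accounts. If that wider scope is not intended, keep the name check, e.g. `successAuth = !strcmp( server->username, user ) && (NATIVE_AUTHENTICATON_SUCCESS == authResult);`; otherwise state it in a comment above the function so operators know the configured username is ignored in this mode. In the same branch `authResult` is declared without an initializer and read unconditionally after the call; native-auth.h is not visible here, so if any error path there returns before writing the out-parameter the decision rests on an indeterminate value. Initialising it to a non-success enumerator at the declaration (`tr_rpcNativeAuthenticationResult authResult = <FAILURE_ENUMERATOR_FROM_NATIVE_AUTH_H>;`) makes the check fail closed. The same section also has a typo in the dbgmsg text of tr_rpcSetNativeAuthenticationEnabled() ("authenication").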