author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-04-23 17:55:31 +0000 |
---|---|---|
committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-04-23 17:55:31 +0000 |
commit | 42a1c6e99ee9614bf3aeaf19f3c2ce369a7e57a8 (patch) | |
tree | 221ae8f96d6a55398c89578d635af74e66b31534 | |
parent | 433c8135fe0bc849bae07b5af6d2dea66c06eca8 (diff) |
Store the manager session ID explicitly as a 4-byte ID instead of a ulong. The
mansession_id cookie is coded to be limited to 8 characters of hex, and this
could break logins from 64-bit machines in some cases.
(inspired by AST-20)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@114591 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r-- | include/asterisk/manager.h | 4 | ||||
-rw-r--r-- | main/manager.c | 14 |
2 files changed, 9 insertions, 9 deletions
diff --git a/include/asterisk/manager.h b/include/asterisk/manager.h index 39a0ca478..cc4e971c9 100644 --- a/include/asterisk/manager.h +++ b/include/asterisk/manager.h @@ -111,7 +111,7 @@ int ast_manager_unregister( char *action ); * \param perm permission mask to verify * \returns 1 if the session has the permission mask capabilities, otherwise 0 */ -int astman_verify_session_readpermissions(unsigned long ident, int perm); +int astman_verify_session_readpermissions(uint32_t ident, int perm); /*! * \brief Verify a session's write permissions against a permission mask. @@ -119,7 +119,7 @@ int astman_verify_session_readpermissions(unsigned long ident, int perm); * \param perm permission mask to verify * \returns 1 if the session has the permission mask capabilities, otherwise 0 */ -int astman_verify_session_writepermissions(unsigned long ident, int perm); +int astman_verify_session_writepermissions(uint32_t ident, int perm); /*! External routines may send asterisk manager events this way */ /*! \param category Event category, matches manager authorization diff --git a/main/manager.c b/main/manager.c index 3204edad8..4d1d8ceea 100644 --- a/main/manager.c +++ b/main/manager.c @@ -151,7 +151,7 @@ struct mansession { /*! Whether an HTTP session has someone waiting on events */ pthread_t waiting_thread; /*! Unique manager identifer */ - unsigned long managerid; + uint32_t managerid; /*! Session timeout if HTTP */ time_t sessiontimeout; /*! Output from manager interface */ @@ -2578,7 +2578,7 @@ int ast_manager_register2(const char *action, int auth, int (*func)(struct manse /*! @} END Doxygen group */ -static struct mansession *find_session(unsigned long ident) +static struct mansession *find_session(uint32_t ident) { struct mansession *s; 
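Review bot: `uint32_t` now appears in the prototype of `astman_verify_session_readpermissions` in this public header, but nothing in the hunk shows `manager.h` including `<stdint.h>` or `<inttypes.h>`, so the header may compile only when an earlier include happens to provide the type. If that include is not already present above the hunk, add `#include <inttypes.h>` near the top of the header so it stays self-contained. The second hunk, for `astman_verify_session_writepermissions`, has the same dependency. Callers that still pass an `unsigned long` are now narrowed silently at the call site, so the `ident` parameter documentation (outside the visible lines) should state the width, e.g. `\param ident 32-bit session identity, as carried in the mansession_id cookie`.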
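Review bot: Fixing `managerid` at 32 bits in `struct mansession` makes the `mansession_id` cookie a 32-bit value, and the later hunks look sessions up by that value alone (`find_session(uint32_t ident)`), so the identifier appears to act as a bearer token with a small search space. The assignment of `managerid` is not in this diff; it should be checked to confirm that it produces a full, unpredictable 32-bit value rather than truncating a wider one. The field comment could record the constraint: `/*! Unique manager identifier, 32 bits to match the 8-hex-digit mansession_id cookie */`. If the HTTP manager interface is reachable from untrusted networks, a wider random token or throttling of failed session lookups would be the longer-term hardening.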
@@ -2596,7 +2596,7 @@ static struct mansession *find_session(unsigned long ident) return s; } -int astman_verify_session_readpermissions(unsigned long ident, int perm) +int astman_verify_session_readpermissions(uint32_t ident, int perm) { int result = 0; struct mansession *s; @@ -2615,7 +2615,7 @@ int astman_verify_session_readpermissions(unsigned long ident, int perm) return result; } -int astman_verify_session_writepermissions(unsigned long ident, int perm) +int astman_verify_session_writepermissions(uint32_t ident, int perm) { int result = 0; struct mansession *s; @@ -2644,7 +2644,7 @@ static char *contenttype[] = { "plain", "html", "xml" }; static char *generic_http_callback(int format, struct sockaddr_in *requestor, const char *uri, struct ast_variable *params, int *status, char **title, int *contentlength) { struct mansession *s = NULL; - unsigned long ident = 0; + uint32_t ident = 0; char workspace[512]; char cookie[128]; size_t len = sizeof(workspace); @@ -2655,7 +2655,7 @@ static char *generic_http_callback(int format, struct sockaddr_in *requestor, co for (v = params; v; v = v->next) { if (!strcasecmp(v->name, "mansession_id")) { - sscanf(v->value, "%lx", &ident); + sscanf(v->value, "%x", &ident); break; } } @@ -2728,7 +2728,7 @@ static char *generic_http_callback(int format, struct sockaddr_in *requestor, co s->needdestroy = 1; } ast_build_string(&c, &len, "Content-type: text/%s\r\n", contenttype[format]); - sprintf(tmp, "%08lx", s->managerid); + sprintf(tmp, "%08x", s->managerid); ast_build_string(&c, &len, "%s\r\n", ast_http_setcookie("mansession_id", tmp, httptimeout, cookie, sizeof(cookie))); if (format == FORMAT_HTML) ast_build_string(&c, &len, "<title>Asterisk™ Manager Interface</title>"); |
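Review bot: In the `mansession_id` parsing hunk, `sscanf(v->value, "%x", &ident)` puts no field width on the conversion and its return value is ignored, so a cookie longer than 8 hex digits overflows the 32-bit target (undefined for the scanf family per the C standard) and a malformed one leaves `ident` at 0; whether 0 can match a live session is not visible here. `%x` also assumes `uint32_t` is `unsigned int`. A bounded, type-exact form would be `if (sscanf(v->value, "%8" SCNx32, &ident) != 1) ident = 0;` with `<inttypes.h>` included. The same specifier assumption is in the `sprintf(tmp, "%08x", s->managerid)` hunk further down, where `snprintf` with `"%08" PRIx32` is the matching form; the declaration of `tmp` is outside the hunk, so its size could not be checked. `generic_http_callback` starts and ends outside both hunks.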