diff options
| author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-04-23 18:01:00 +0000 |
|---|---|---|
| committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-04-23 18:01:00 +0000 |
| commit | 06e18514abad51e32e78fdc8c33f30c7a50bf107 (patch) | |
| tree | 0b2caa6e19f7009daadc3e7972fbce8228dc0ed9 /main | |
| parent | 40e1645b9f698a52fe6a5c7e927e012348edfe0b (diff) | |
Merged revisions 114591 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r114591 | russell | 2008-04-23 12:55:31 -0500 (Wed, 23 Apr 2008) | 5 lines
Store the manager session ID explicitly as 4 byte ID instead of a ulong. The
mansession_id cookie is coded to be limited to 8 characters of hex, and this
could break logins from 64-bit machines in some cases.
(inspired by AST-20)
........
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@114592 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'main')
| -rw-r--r-- | main/manager.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/main/manager.c b/main/manager.c index 47eb6ff10..82cf5647c 100644 --- a/main/manager.c +++ b/main/manager.c @@ -154,7 +154,7 @@ struct mansession { int inuse; /*!< number of HTTP sessions using this entry */ int needdestroy; /*!< Whether an HTTP session should be destroyed */ pthread_t waiting_thread; /*!< Sleeping thread using this descriptor */ - unsigned long managerid; /*!< Unique manager identifier, 0 for AMI sessions */ + uint32_t managerid; /*!< Unique manager identifier, 0 for AMI sessions */ time_t sessionstart; /*!< Session start time */ time_t sessiontimeout; /*!< Session timeout if HTTP */ char username[80]; /*!< Logged in username */ @@ -3209,7 +3209,7 @@ static char *contenttype[] = { * the value of the mansession_id cookie (0 is not valid and means * a session on the AMI socket). */ -static struct mansession *find_session(unsigned long ident) +static struct mansession *find_session(uint32_t ident) { struct mansession *s; @@ -3230,7 +3230,7 @@ static struct mansession *find_session(unsigned long ident) return s; } -int astman_verify_session_readpermissions(unsigned long ident, int perm) +int astman_verify_session_readpermissions(uint32_t ident, int perm) { int result = 0; struct mansession *s; @@ -3249,7 +3249,7 @@ int astman_verify_session_readpermissions(unsigned long ident, int perm) return result; } -int astman_verify_session_writepermissions(unsigned long ident, int perm) +int astman_verify_session_writepermissions(uint32_t ident, int perm) { int result = 0; struct mansession *s; @@ -3504,7 +3504,7 @@ static struct ast_str *generic_http_callback(enum output_format format, char **title, int *contentlength) { struct mansession *s = NULL; - unsigned long ident = 0; /* invalid, so find_session will fail if not set through the cookie */ + uint32_t ident = 0; int blastaway = 0; struct ast_variable *v; char template[] = "/tmp/ast-http-XXXXXX"; /* template for temporary file */ @@ -3515,7 +3515,7 @@ static struct ast_str *generic_http_callback(enum output_format format, for (v = params; v; v = v->next) { if (!strcasecmp(v->name, "mansession_id")) { - sscanf(v->value, "%lx", &ident); + sscanf(v->value, "%x", &ident); break; } } @@ -3582,7 +3582,7 @@ static struct ast_str *generic_http_callback(enum output_format format, ast_str_append(&out, 0, "Content-type: text/%s\r\n" "Cache-Control: no-cache;\r\n" - "Set-Cookie: mansession_id=\"%08lx\"; Version=\"1\"; Max-Age=%d\r\n" + "Set-Cookie: mansession_id=\"%08x\"; Version=\"1\"; Max-Age=%d\r\n" "\r\n", contenttype[format], s->managerid, httptimeout); |