Index: openacs-4/packages/acs-tcl/acs-tcl.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/acs-tcl.info,v
diff -u -N -r1.95.2.4 -r1.95.2.5
--- openacs-4/packages/acs-tcl/acs-tcl.info 29 Sep 2019 16:07:19 -0000 1.95.2.4
+++ openacs-4/packages/acs-tcl/acs-tcl.info 8 Oct 2019 16:28:28 -0000 1.95.2.5
@@ -9,7 +9,7 @@
f
t
-
+
OpenACS
The Kernel Tcl API library.
2017-08-06
@@ -18,7 +18,7 @@
GPL version 2
3
-
+
Index: openacs-4/packages/acs-tcl/tcl/http-auth-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/http-auth-procs.tcl,v
diff -u -N -r1.4.2.1 -r1.4.2.2
--- openacs-4/packages/acs-tcl/tcl/http-auth-procs.tcl 10 Apr 2019 20:49:53 -0000 1.4.2.1
+++ openacs-4/packages/acs-tcl/tcl/http-auth-procs.tcl 8 Oct 2019 16:28:28 -0000 1.4.2.2
@@ -5,34 +5,59 @@
namespace eval http_auth {}
+ad_proc -public http_auth::basic_authentication_decode {
+ authorization
+} {
+ Implements decoding of authorization header as defined in RFC 7617
+ "username" containing a colon character is invalid (see RFC 7617,
+ Section 2).
+
+ @param authorization content of "Authorization:" reply header field,
+ such as e.g. "Basic 29234k3j49a"
+ @result dict containing password and user
+} {
+ set decoded [ns_uudecode [lindex [split $authorization " "] 1]]
+ #
+ # $decoded should be of the form "user:password".
+ #
+ # The pair is invalid at least in the following situations:
+ # - the username contains a colon
+ # - the username is empty
+ # - $decoded contains no colon
+ #
+ set delimiterPos [string first : $decoded]
+ if {$delimiterPos > 0} {
+ set user [string range $decoded 0 $delimiterPos-1]
+ set password [string range $decoded $delimiterPos+1 end]
+ } else {
+ ns_log warning "protocol-handler: invalid user/password pair provided: $decoded"
+ set password ""
+ set user ""
+ }
+ return [list password $password user $user]
+}
+
ad_proc http_auth::set_user_id {} {
Get the user_id from HTTP authentication headers.
NOTE: This should be handled through SSL since plain
HTTP auth is easy to decode
} {
# should be something like "Basic 29234k3j49a"
- set a [ns_set get [ns_conn headers] Authorization]
- if {[string length $a]} {
- ns_log debug "\nTDAV auth_check authentication info $a"
- # get the second bit, the base64 encoded bit
- set up [lindex [split $a " "] 1]
- # after decoding, it should be user:password; get the username
- lassign [split [ns_uudecode $up] ":"] user password
- ns_log debug "\nACS VERSION [ad_acs_version]"
- ns_log debug "\nHTTP authentication"
- # check all authorities
+ set authorization [ns_set iget [ns_conn headers] Authorization]
+ if {[string length $authorization] > 0} {
+ set credentials [http_auth::basic_authentication_decode $authorization]
foreach authority [auth::authority::get_authority_options] {
set authority_id [lindex $authority 1]
array set auth [auth::authenticate \
- -username $user \
- -password $password \
+ -username [dict get $credentials user] \
+ -password [dict get $credentials password] \
-authority_id $authority_id \
-no_cookie]
if {$auth(auth_status) ne "ok" } {
array set auth [auth::authenticate \
- -email $user \
- -password $password \
+ -email [dict get $credentials user] \
+ -password [dict get $credentials password] \
-authority_id $authority_id \
-no_cookie]
}
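Review bot: The warning on the invalid-pair branch of `http_auth::basic_authentication_decode` writes `$decoded` to the server log, and that value is client-supplied text that can still hold a password (an empty user name followed by `:secret` takes this branch) or line breaks that corrupt the log. Log the condition without the content, for example `ns_log warning "http_auth: invalid user/password pair in Authorization header"`; this also replaces the `protocol-handler:` prefix, which does not match this file. The proc also decodes the second word of any Authorization value without checking that the scheme is `Basic` (case-insensitive per RFC 7617), so a scheme check before `ns_uudecode`, or at least a comment stating the assumption, would be worth adding. The body of `http_auth::set_user_id` continues past the end of this hunk.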
Index: openacs-4/packages/oacs-dav/oacs-dav.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/oacs-dav/oacs-dav.info,v
diff -u -N -r1.14 -r1.14.2.1
--- openacs-4/packages/oacs-dav/oacs-dav.info 5 Aug 2018 22:03:46 -0000 1.14
+++ openacs-4/packages/oacs-dav/oacs-dav.info 8 Oct 2019 16:28:28 -0000 1.14.2.1
@@ -8,16 +8,17 @@
t
webdav-support
-
+
Dave Bauer
Provides services to enable webDAV access to content repository items.
2017-08-06
OpenACS
1
An interface to the tDAV webDAV package. oacs-dav provides services to offer webDAV access to content repository data.
-
-
+
+
+
Index: openacs-4/packages/oacs-dav/tcl/oacs-dav-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/oacs-dav/tcl/oacs-dav-procs.tcl,v
diff -u -N -r1.24.2.1 -r1.24.2.2
--- openacs-4/packages/oacs-dav/tcl/oacs-dav-procs.tcl 12 Apr 2019 21:32:54 -0000 1.24.2.1
+++ openacs-4/packages/oacs-dav/tcl/oacs-dav-procs.tcl 8 Oct 2019 16:28:28 -0000 1.24.2.2
@@ -1,5 +1,3 @@
-# /packages/oacs-dav/tcl/oacs-dav-procs.tcl
-ns_log debug "\nLoading oacs-dav-procs.tcl"
ad_library {
Support for tDAV Tcl webDAV implementation
@@ -12,29 +10,6 @@
namespace eval oacs_dav {}
-ad_proc oacs_dav::urlencode { string } {
- urlencode allowing characters according to rfc 1738
- http://www.w3.org/Addressing/rfc1738.txt
-
- "Thus, only alphanumerics, the special characters "$-_.+!*'(),", and
- reserved characters used for their reserved purposes may be used
- unencoded within a URL."
-
- ignore + used to encode spaces in query strings
-
- This is mainly to support MS Web Folders which do not follow the
- spec which states that any character may be urlencoded. Web Folders
- rejects the entire collection as invalid if a filename contains
- one of these characters encoded.
-
-} {
- set encoded_string [ns_urlencode $string]
- set encoded_string [string map -nocase \
- {+ %20 %2d - %5f _ %24 $ %2e . %21 ! %28 ( %29 ) %27 ' %2c ,} $encoded_string]
-
- return $encoded_string
-}
-
ad_proc oacs_dav::folder_enabled {
-folder_id
} {
@@ -50,34 +25,29 @@
ad_proc oacs_dav::set_user_id {} {
set user_id based on authentication header
} {
-
- # should be something like "Basic 29234k3j49a"
- set a [ns_set get [ns_conn headers] Authorization]
- if {[string length $a]} {
- ns_log debug "\nTDAV auth_check authentication info $a"
- # get the second bit, the base64 encoded bit
- set up [lindex [split $a " "] 1]
- # after decoding, it should be user:password; get the username
- set user [lindex [split [ns_uudecode $up] ":"] 0]
- set password [lindex [split [ns_uudecode $up] ":"] 1]
- ns_log debug "\nACS VERSION [ad_acs_version]"
-
-
+ #
+ # Get Authorization header.
+ #
+ set authorization [ns_set iget [ns_conn headers] Authorization]
+ if {[string length $authorization]} {
+ set credentials [http_auth::basic_authentication_decode $authorization]
ns_log debug "\nTDAV 5.0 authentication"
+ #
# check all authorities
+ #
foreach authority [auth::authority::get_authority_options] {
set authority_id [lindex $authority 1]
array set auth [auth::authenticate \
- -username $user \
- -password $password \
- -authority_id $authority_id \
- -no_cookie]
+ -username [dict get $credentials user] \
+ -password [dict get $credentials password] \
+ -authority_id $authority_id \
+ -no_cookie]
if {$auth(auth_status) ne "ok" } {
array set auth [auth::authenticate \
- -email $user \
- -password $password \
- -authority_id $authority_id \
- -no_cookie]
+ -email [dict get $credentials user] \
+ -password [dict get $credentials password] \
+ -authority_id $authority_id \
+ -no_cookie]
}
if {$auth(auth_status) eq "ok"} {
# we can stop checking
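Review bot: When `http_auth::basic_authentication_decode` rejects the header it returns an empty user and password, and this loop still submits that pair to `auth::authenticate` for every authority, once as `-username` and once as `-email`. Whether each authority driver rejects an empty pair is not visible here, so it is safer to skip the loop by wrapping the `foreach` in `if {[dict get $credentials user] ne ""} { ... }`, or at least to add a comment stating that empty credentials are expected to fail in every driver. The same pattern appears in `http_auth::set_user_id` (http-auth-procs.tcl) and in `ProtocolHandler set_user_id` (50-protocol-handler-procs.tcl). The proc continues outside this hunk, so the code after the loop has to tolerate `auth` being unset if the guard is added.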
@@ -753,7 +723,7 @@
set depth [oacs_dav::conn depth]
set encoded_uri [list]
foreach fragment [split [ad_conn url] "/"] {
- lappend encoded_uri [oacs_dav::urlencode $fragment]
+ lappend encoded_uri [ns_urlencode $fragment]
}
set folder_uri "[ad_conn location][join $encoded_uri "/"]"
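Review bot: Replacing `oacs_dav::urlencode` with a bare `ns_urlencode` changes how path fragments are encoded: the removed wrapper turned `+` into `%20`, while `ns_urlencode` without a `-part` option presumably applies query-string rules, under which a space becomes `+`. In a URI path a `+` is a literal plus sign, so a folder or file name containing spaces may be reported to the client under a different name than the one stored. If that is the case, `lappend encoded_uri [ns_urlencode -part path $fragment]` is the call to use here and in the following hunk (`@@ -789,7 +759,7 @@`). Both enclosing procs start and end outside the hunks.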
@@ -789,7 +759,7 @@
} else {
set encoded_uri [list]
foreach fragment [split $item_uri "/"] {
- lappend encoded_uri [oacs_dav::urlencode $fragment]
+ lappend encoded_uri [ns_urlencode $fragment]
# ns_log debug "\npropfind: fragment \"$fragment\" encoded_uri \"$encoded_uri\" "
}
set item_uri "/[join $encoded_uri "/"]"
@@ -1085,7 +1055,7 @@
return [list 409]
}
set dest_item_id [db_string get_dest_id "" -default ""]
-ns_log debug "\nDAV Revision Copy dest $target_uri parent_id $new_parent_folder_id"
+ ns_log debug "\nDAV Revision Copy dest $target_uri parent_id $new_parent_folder_id"
if {$dest_item_id ne ""} {
ns_log debug "\n ----- \n DAV Revision Copy Folder Exists item_id $dest_item_id overwrite $overwrite \n ----- \n"
if {![string equal -nocase $overwrite "T"]} {
Index: openacs-4/packages/oacs-dav/tcl/tDAV-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/oacs-dav/tcl/tDAV-procs.tcl,v
diff -u -N -r1.19 -r1.19.2.1
--- openacs-4/packages/oacs-dav/tcl/tDAV-procs.tcl 17 May 2018 14:19:23 -0000 1.19
+++ openacs-4/packages/oacs-dav/tcl/tDAV-procs.tcl 8 Oct 2019 16:28:28 -0000 1.19.2.1
@@ -1182,13 +1182,14 @@
}
proc tdav::filter_stuff_nsperm {args} {
-# should be something like "Basic 29234k3j49a"
- set a [ns_set get [ns_conn headers] Authorization]
- # get the second bit, the base64 encoded bit
- set up [lindex [split $a " "] 1]
- # after decoding, it should be user:password; get the username
- set user [lindex [split [ns_uudecode $up] ":"] 0]
-
+ # should be something like "Basic 29234k3j49a"
+ set authorization [ns_set iget [ns_conn headers] Authorization]
+ if {[string length $authorization] > 0} {
+ set user [dict get $credentials user]
+ #
+ # GN: this is unfinished (but now fixed) code....
+ #
+ }
return filter_ok
}
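Review bot: `tdav::filter_stuff_nsperm` reads `$credentials` in `set user [dict get $credentials user]`, but nothing in the proc sets that variable, so any request that carries an Authorization header raises a "no such variable" error inside the filter. Add `set credentials [http_auth::basic_authentication_decode $authorization]` as the first line inside the `if`. Since `user` is not used afterwards and the proc always returns `filter_ok`, a comment stating that this filter performs no access check would keep readers from assuming that it does.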
Index: openacs-4/packages/xotcl-core/xotcl-core.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xotcl-core/xotcl-core.info,v
diff -u -N -r1.106.2.9 -r1.106.2.10
--- openacs-4/packages/xotcl-core/xotcl-core.info 30 Sep 2019 21:21:37 -0000 1.106.2.9
+++ openacs-4/packages/xotcl-core/xotcl-core.info 8 Oct 2019 16:28:28 -0000 1.106.2.10
@@ -10,7 +10,7 @@
t
xotcl
-
+
Gustaf Neumann
XOTcl library functionality (e.g. thread handling, online documentation, Generic Form and List Classes)
2017-08-06
@@ -43,12 +43,12 @@
BSD-Style
2
-
+
-
+
Index: openacs-4/packages/xotcl-core/tcl/50-protocol-handler-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xotcl-core/tcl/50-protocol-handler-procs.tcl,v
diff -u -N -r1.30.2.4 -r1.30.2.5
--- openacs-4/packages/xotcl-core/tcl/50-protocol-handler-procs.tcl 8 Oct 2019 09:18:48 -0000 1.30.2.4
+++ openacs-4/packages/xotcl-core/tcl/50-protocol-handler-procs.tcl 8 Oct 2019 16:28:28 -0000 1.30.2.5
@@ -26,49 +26,28 @@
#
#next "xo::ProtocolHandler: $message"
}
-
+
ProtocolHandler ad_instproc set_user_id {} {
Set user_id based on authentication header
} {
:log "[ns_conn method] request comes with headers [ns_set array [ns_conn headers]]"
set ah [ns_set iget [ns_conn headers] Authorization]
if {$ah ne ""} {
#
- # The content of the authorization header should be something
- # like "Basic 29234k3j49a".
+ # Get credentials from a basic authentication string like
+ # "Basic 29234k3j49a".
#
- :log "auth_check authentication info $ah"
- #
- # Get the base64 encoded element of the authorization
- # header (2nd element)
- #
- set decoded [ns_uudecode [lindex [split $ah " "] 1]]
- #
- # $decoded should be of the form "user:password".
- #
- # The pair is invalid at least in the following situations:
- # - the username contains a colon
- # - the username is empty
- # - $up contains no colon
- #
- set delimiterPos [string first : $decoded]
- if {$delimiterPos > 0} {
- set user [string range $decoded 0 $delimiterPos-1]
- set password [string range $decoded $delimiterPos+1 end]
- } else {
- ns_log warning "protocol-handler: invalid user/password pair provided: $decoded"
- set password ""
- set user ""
- }
+ set credentials [http_auth::basic_authentication_decode $ah]
set auth [auth::authenticate \
- -username $user \
+ -username [dict get $credentials user] \
-authority_id [::auth::get_register_authority] \
- -password $password]
- :log "auth $user $password returned $auth"
+ -password [dict get $credentials password]]
+
if {[dict get $auth auth_status] ne "ok"} {
set auth [auth::authenticate \
- -email $user \
- -password $password]
+ -email [dict get $credentials user] \
+ -password [dict get $credentials password]]
+
if {[dict get $auth auth_status] ne "ok"} {
:log "auth status [dict get $auth auth_status]"
set :user_id 0
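Review bot: The first `:log` call in `set_user_id` still writes `[ns_set array [ns_conn headers]]`, which includes the Authorization header, so the base64-encoded user name and password reach the log whenever that logging is active, even though this commit drops the `auth $user $password` line. Log the request without the header set, e.g. `:log "[ns_conn method] request for [ns_conn url]"`, or remove the Authorization entry from a copy of the set before printing it. The proc body continues past the end of the hunk.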