X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Flogin.c;h=f3209facc74f15c2de5e692941893569ef456920;hb=40aa63f285b9a2ed67aac67055a205de1a8d95ba;hp=30105cb8341cdfa253e5cd51c052ddf9ce2154c2;hpb=4c11eff00a00e4b744eff9a6633c1b5608844632;p=matches%2FMCTX3420.git diff --git a/server/login.c b/server/login.c index 30105cb..f3209fa 100644 --- a/server/login.c +++ b/server/login.c @@ -170,6 +170,8 @@ UserType Login_Shadow(const char * user, const char * pass, const char * shadow) passwd_index = -1; } + fclose(f); + if (passwd_index <= 0) { //Log(LOGDEBUG,"No user found matching %s\n", user); @@ -278,14 +280,18 @@ int Login_LDAP_Bind(const char * uri, const char * dn, const char * pass) void Logout_Handler(FCGIContext * context, char * params) { FCGI_ReleaseControl(context); - FCGI_AcceptJSON(context, "Logged out", "0"); + FCGI_SendControlCookie(context, false); //Unset the cookie + FCGI_AcceptJSON(context, "Logged out"); } /** * Handle a Login Request * @param context - The context - * @param params - Parameter string, should contain username and password + * @param params - Parameter string, should contain username and password. + * NOTE: Care should be taken when using params, as it is + * completely unescaped. Do not log or use it without + * suitable escaping. */ void Login_Handler(FCGIContext * context, char * params) { @@ -327,7 +333,7 @@ void Login_Handler(FCGIContext * context, char * params) case AUTH_LDAP: { - if (strlen(pass) <= 0) + if (*pass == '\0') { FCGI_RejectJSON(context, "No password supplied."); return; @@ -419,7 +425,8 @@ void Login_Handler(FCGIContext * context, char * params) { FCGI_EscapeText(context->user_name); //Don't break javascript pls // Give the user a cookie - FCGI_AcceptJSON(context, "Logged in", context->control_key); + FCGI_SendControlCookie(context, true); //Send the control key + FCGI_AcceptJSON(context, "Logged in"); Log(LOGDEBUG, "Successful authentication for %s", user); } else