Store the manager session ID explicitly as 4 byte ID instead of a ulong. The

mansession_id cookie is coded to be limited to 8 characters of hex, and this could break logins from 64-bit machines in some cases. (inspired by AST-20) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@114591 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-11-18 15:49:56 +00:00 · 2008-04-23 17:55:31 +00:00
parent 694a6b4abb
commit f8848a7fe8
2 changed files with 9 additions and 9 deletions
--- a/include/asterisk/manager.h
+++ b/include/asterisk/manager.h
@@ -111,7 +111,7 @@ int ast_manager_unregister( char *action );
 * \param perm permission mask to verify
 * \returns 1 if the session has the permission mask capabilities, otherwise 0
 */
-int astman_verify_session_readpermissions(unsigned long ident, int perm);
+int astman_verify_session_readpermissions(uint32_t ident, int perm);
 /*!
 * \brief Verify a session's write permissions against a permission mask.  
@@ -119,7 +119,7 @@ int astman_verify_session_readpermissions(unsigned long ident, int perm);
 * \param perm permission mask to verify
 * \returns 1 if the session has the permission mask capabilities, otherwise 0
 */
-int astman_verify_session_writepermissions(unsigned long ident, int perm);
+int astman_verify_session_writepermissions(uint32_t ident, int perm);
 /*! External routines may send asterisk manager events this way */
 /*! 	\param category	Event category, matches manager authorization
--- a/main/manager.c
+++ b/main/manager.c
@@ -151,7 +151,7 @@ struct mansession {
 	/*! Whether an HTTP session has someone waiting on events */
 	pthread_t waiting_thread;
 	/*! Unique manager identifer */
-	unsigned long managerid;
+	uint32_t managerid;
 	/*! Session timeout if HTTP */
 	time_t sessiontimeout;
 	/*! Output from manager interface */
@@ -2578,7 +2578,7 @@ int ast_manager_register2(const char *action, int auth, int (*func)(struct manse
 /*! @}
 END Doxygen group */
-static struct mansession *find_session(unsigned long ident)
+static struct mansession *find_session(uint32_t ident)
 {
 	struct mansession *s;
@@ -2596,7 +2596,7 @@ static struct mansession *find_session(unsigned long ident)
 	return s;
 }
-int astman_verify_session_readpermissions(unsigned long ident, int perm)
+int astman_verify_session_readpermissions(uint32_t ident, int perm)
 {
 	int result = 0;
 	struct mansession *s;
@@ -2615,7 +2615,7 @@ int astman_verify_session_readpermissions(unsigned long ident, int perm)
 	return result;
 }
-int astman_verify_session_writepermissions(unsigned long ident, int perm)
+int astman_verify_session_writepermissions(uint32_t ident, int perm)
 {
 	int result = 0;
 	struct mansession *s;
@@ -2644,7 +2644,7 @@ static char *contenttype[] = { "plain", "html", "xml" };
 static char *generic_http_callback(int format, struct sockaddr_in *requestor, const char *uri, struct ast_variable *params, int *status, char **title, int *contentlength)
 {
 	struct mansession *s = NULL;
-	unsigned long ident = 0;
+	uint32_t ident = 0;
 	char workspace[512];
 	char cookie[128];
 	size_t len = sizeof(workspace);
@@ -2655,7 +2655,7 @@ static char *generic_http_callback(int format, struct sockaddr_in *requestor, co
 	for (v = params; v; v = v->next) {
 		if (!strcasecmp(v->name, "mansession_id")) {
-			sscanf(v->value, "%lx", &ident);
+			sscanf(v->value, "%x", &ident);
 			break;
 		}
 	}
@@ -2728,7 +2728,7 @@ static char *generic_http_callback(int format, struct sockaddr_in *requestor, co
 			s->needdestroy = 1;
 		}
 		ast_build_string(&c, &len, "Content-type: text/%s\r\n", contenttype[format]);
-		sprintf(tmp, "%08lx", s->managerid);
+		sprintf(tmp, "%08x", s->managerid);
 		ast_build_string(&c, &len, "%s\r\n", ast_http_setcookie("mansession_id", tmp, httptimeout, cookie, sizeof(cookie)));
 		if (format == FORMAT_HTML)
 			ast_build_string(&c, &len, "<title>Asterisk&trade; Manager Interface</title>");