Commit message | Author | Age | Files | Lines
* configure: Re-configure subprojects if required [HEAD, master, libweb-configure] | Xavier Del Campo Romero | 2026-02-13 | 1 | -0/+17
| When a configuration is changed from the top-level directory, it should be reflected on the subprojects as well.
|
| Note: still, "make clean" is required so that the objects are built with the new configuration flags.
* configure: Remove -g | Xavier Del Campo Romero | 2026-02-13 | 1 | -1/+1
| Traditionally, this flag is set by users via the CFLAGS environment variable, rather than including it by default.
* Honor user CFLAGS/LDFLAGS | Xavier Del Campo Romero | 2026-02-13 | 1 | -25/+34
| Ideally, these flags must be appended to those introduced by the project (e.g.: if user enters -Oz as CFLAGS, then -O1 and -Oz would co-exist and the compiler would choose the latter), rather than replacing them.
|
| Additionally, user CFLAGS/LDFLAGS should be passed to children projects, too.
* Replace thumbnail Makefile with configure script | Xavier Del Campo Romero | 2026-02-13 | 5 | -40/+160
| The thumbnail subproject has dependencies against dynstr and ImageMagick6, which might or might not be available on the system, or might have been installed to non-standard paths.
|
| Therefore, it is more robust to rely on a configure script that checks whether the packages are available and how to deal with CFLAGS/LDFLAGS.
* configure: Also install thumbnail | Xavier Del Campo Romero | 2026-02-13 | 1 | -7/+14
|
* README.md: Add packages for Alpine Linux | Xavier Del Campo Romero | 2026-02-13 | 1 | -0/+18
|
* configure: Test zlib | Xavier Del Campo Romero | 2026-02-13 | 1 | -1/+10
| Otherwise, compilation could fail because zlib's header files and/or library cannot be found on the system.
|
| Additionally, since fdzipstream depends on zlib, zlib's ldflags must be appended to those from fdzipstream, rather than hardcoding -lz.
* configure: Test libcjson | Xavier Del Campo Romero | 2026-02-13 | 1 | -1/+11
| Otherwise, compilation could fail because libcjson's header files and/or library cannot be found on the system.
|
| Additionally, -lcjson should not be hardcoded to the ldflags, as this is better handled by pkg-config(1).
* README.md: Fix wrong package name | Xavier Del Campo Romero | 2026-02-13 | 1 | -1/+1
|
* Bump libweb | Xavier Del Campo Romero | 2026-02-13 | 4 | -12/+41
| libweb has introduced several breaking changes:
|
| - Add optional expiration date to http_cookie_create
| - Replace Makefile with configure script
* main.c: Fix null pointer access on empty data [v0.4.2] | Xavier Del Campo Romero | 2026-02-08 | 1 | -6/+44
| If users send no payload data to a POST request, libweb sets a null pointer as part of the payload. Therefore, null pointers must always be checked as a sanity check.
* configure: Add libsodium flags to USERGEN_LDFLAGS | Xavier Del Campo Romero | 2026-02-03 | 1 | -0/+1
| Otherwise, usergen(1) would be built without linking against libsodium, and thus would fail to build.
* Bump libweb [v0.4.1] | Xavier Del Campo Romero | 2025-10-26 | 1 | -0/+0
| The following commit fixes a memory leak caused by untrusted user input:
|
| commit 953210bd1930e1734f1acde86eadd7a1997bb7c3
| Author: Xavier Del Campo Romero
| Date: Sun Oct 26 20:12:46 2025 +0100
|
|     form.c: Fix leak on invalid form
|
|     When one or more entries have been appended to a struct form instance, but then an error occurs, those valid entries must be deallocated, too.
* README.md: Replace OpenSSL with libsodium | Xavier Del Campo Romero | 2025-10-11 | 1 | -2/+2
| This was a leftover from the following commit:
|
| commit 10e42591ac72285736d5cc4ee5e7c2f68dbf1e4b
| Author: Xavier Del Campo Romero
| Date: Wed Oct 8 13:50:52 2025 +0200
|
|     Replace OpenSSL with libsodium and argon2id
* page.c: Align results to center [v0.4.0] | Xavier Del Campo Romero | 2025-10-10 | 1 | -5/+5
|
* page.c: Ensure trailing '/' on dir download URLs | Xavier Del Campo Romero | 2025-10-10 | 1 | -1/+1
| Otherwise, it is not ensured web browsers would translate a relative directory such as "dir/.." to a URL with a trailing '/'. Therefore, a POST request to "/user?download=1" would fail because slcl only considers "/user/" (note the trailing '/') as valid.
* zip.c: Fix endless loop on empty archives | Xavier Del Campo Romero | 2025-10-10 | 1 | -1/+1
| When an empty directory is to be downloaded, z->lread would always equal zero because read_file is never called. Therefore, it is more sensible not to assume any number of bytes, and just dump as much data as possible into buf.
* zip.c: Remove unused variable | Xavier Del Campo Romero | 2025-10-10 | 1 | -2/+0
|
* README.md: Add build instructions for thumbnail | Xavier Del Campo Romero | 2025-10-09 | 1 | -0/+14
|
* README.md: Update copyright notice | Xavier Del Campo Romero | 2025-10-09 | 1 | -1/+1
|
* doc/user.png: Update according to status quo | Xavier Del Campo Romero | 2025-10-09 | 1 | -0/+0
|
* main.c Remove obsolete references to OpenSSL | Xavier Del Campo Romero | 2025-10-09 | 1 | -2/+0
|
* Fix installation for thumbnail | Xavier Del Campo Romero | 2025-10-09 | 3 | -1/+5
|
* Bump libweb to v0.5.0 | Xavier Del Campo Romero | 2025-10-09 | 1 | -0/+0
|
* page.c: Center directory/file and page count | Xavier Del Campo Romero | 2025-10-09 | 1 | -11/+12
|
* Use libweb's form API | Xavier Del Campo Romero | 2025-10-09 | 1 | -326/+106
| This functionality was moved from slcl to libweb since it can be shared with other web applications.
* jwt.c: Use original base64 variant | Xavier Del Campo Romero | 2025-10-09 | 1 | -1/+1
| Otherwise, cookies set by previous, OpenSSL-based versions of slcl would be now invalidated because URL-safe base64 transforms some characters, thus breaking backwards compatibility.
|
| For example, '/' is transformed into '_' on the example cookies below:
|
| - Original base64 encoding:
|   a=eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJuYW1lIjogImEifQ==.jgp/SsraDR/3zlAnDLyj05VHulUNbDNHaPowvUkLto4=
| - URL-safe base64 encoding:
|   a=eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJuYW1lIjogImEifQ==.jgp_SsraDR_3zlAnDLyj05VHulUNbDNHaPowvUkLto4=
* Allow building thumbnail from the top-level build | Xavier Del Campo Romero | 2025-10-08 | 5 | -5/+34
|
* Replace OpenSSL with libsodium and argon2id | Xavier Del Campo Romero | 2025-10-08 | 13 | -349/+845
| The SHA256-based password hashing algorithm used by slcl(1) and usergen(1) is considered insecure against several kinds of attacks, including brute force attacks. [1]
|
| Therefore, a stronger password hashing algorithm based on the Argon2id key derivation function is now used by default.
|
| While OpenSSL does support Argon2id, it is only supported by very recent versions [2], which are still not packaged by most distributions as of the time of this writing. [3]
|
| As an alternative to OpenSSL, libsodium [4] had several benefits:
|
| - It provides easy-to-use functions for password hashing, base64 encoding/decoding and other cryptographic primitives used by slcl(1) and usergen(1).
| - It is packaged by most distributions [5], and most often only the patch version differs, which ensures good compatibility across distributions.
|
| Unfortunately, and as opposed to OpenSSL, libsodium does not come with command-line tools. Therefore, usergen(1) had to be rewritten in C.
|
| In order to maintain backwards compatibility with existing databases, slcl(1) and usergen(1) shall support the insecure, SHA256-based password hashing algorithm. However, Argon2id shall now be the default choice for usergen(1).
|
| [1]: https://security.stackexchange.com/questions/195563/why-is-sha-256-not-good-for-passwords
| [2]: https://docs.openssl.org/3.3/man7/EVP_KDF-ARGON2/
| [3]: https://repology.org/project/openssl/versions
| [4]: https://www.libsodium.org/
| [5]: https://repology.org/project/libsodium/versions
* Use free function pointer for chunk/step | Xavier Del Campo Romero | 2025-10-08 | 3 | -15/+10
| libweb now supports deallocating user-defined data whenever an error occurs during a chunked transfer or an asynchronous HTTP response, thus avoiding memory leaks.
* page.c: Switch preview and download | Xavier Del Campo Romero | 2025-10-08 | 1 | -17/+35
| So far, clicking on a directory name previewed it, whereas clicking on a file name would download it, and file previews were on a separate column.
|
| This behaviour was found to be confusing, so it has been simplified. Now, clicking on a file or directory name would preview it. On the other hand, the "Preview" column has been replaced with a "Download" column, so that both files and directories can be downloaded.
|
| Thanks to Avron for the suggestion. [1]
|
| [1]: https://codeberg.org/xavidcr/slcl/issues/2
* page.c: Move remove checkbox to the right | Xavier Del Campo Romero | 2025-10-08 | 1 | -1/+1
| It feels more intuitive to keep the thumbnail and file name as first columns. It is assumed removing files and/or directories is not the main interaction from users.
* configure: Call distclean for submodules | Xavier Del Campo Romero | 2025-10-08 | 1 | -0/+16
|
* page.c: Remove unused variable | Xavier Del Campo Romero | 2025-10-08 | 1 | -1/+1
|
* Implement directory download as ZIP | Xavier Del Campo Romero | 2025-10-08 | 12 | -11/+487
| Thanks to the fdzipstream library [1] and zlib [2], it is possible to generate ZIP files on-the-fly, therefore requiring no extra disk space usage and only a small amount of memory.
|
| Unfortunately, as of the time of this writing fdzipstream is not packaged by any distributions yet [3], so it had to be imported as a git submodule as a workaround.
|
| While libarchive [4] could be an interesting alternative, writing ZIP files is only supported by very recent versions (>= 3.8.0), which are still not packaged by many distributions [5], either. Moreover, libarchive is a package with several dependencies other than zlib and is significantly larger compared to fdzipstream, so fdzipstream was ultimately considered a better fit for this purpose.
|
| [1]: https://github.com/CTrabant/fdzipstream.git
| [2]: http://zlib.net/
| [3]: https://repology.org/projects/?search=fdzipstream
| [4]: https://www.libarchive.org/
| [5]: https://repology.org/project/libarchive/versions
* Import fdzipstream | Xavier Del Campo Romero | 2025-10-06 | 2 | -0/+3
|
* page.c: Report logged user name on directory preview | Xavier Del Campo Romero | 2025-10-06 | 1 | -14/+39
| Thanks to Avron for the suggestion. [1]
|
| [1]: https://codeberg.org/xavidcr/slcl/issues/2
* page.c: Add table head for directory preview | Xavier Del Campo Romero | 2025-10-06 | 1 | -2/+55
| Thanks to Avron for the suggestion. [1]
|
| [1]: https://codeberg.org/xavidcr/slcl/issues/2
* Setup higher backlog count | Xavier Del Campo Romero | 2025-10-06 | 2 | -0/+2
| libweb now allows to set up a custom value for the backlog argument in the internal call to listen(2).
* cftw.c: Call user function at the end for directories | Xavier Del Campo Romero | 2025-10-06 | 1 | -12/+24
| The older, synchronous implementation for cftw recursed as long as there were children directories and, finally, it called the user function. This commit therefore fixes the newer, asynchronous implementation to honor that behaviour.
|
| Otherwise, rmdir_r would fail because rmdir(2) would be called for non-empty directories.
* jwt.c: Do not consider decoding errors as fatals | Xavier Del Campo Romero | 2025-10-06 | 1 | -1/+1
| The base64 string is considered untrusted input and, therefore, it might cause a decoding error. Therefore, this should not cause the server to close.
* Fix missing refactors related to cftw | Xavier Del Campo Romero | 2025-10-06 | 2 | -71/+200
| Commit 4fa1b3e8 missed to update other calls to cftw that were still relying on the older interface, causing unexpected errors.
|
| As a side effect, user quotas are now calculated asynchronously i.e., without blocking other clients.
|
| While the same improvement was planned for the /rm endpoint, it proved too challenging to implement for a first refactor: on one hand, /rm takes one or more key-value pairs involving the top-level directories and/or files to remove. On the other hand, every directory must be traversed recursively as rmdir(2) must be used on empty directories. While certainly possible, it was considered to keep a synchronous behaviour for do_rm for the sake of simplicity.
* configure: Remove slcl executable on distclean | Xavier Del Campo Romero | 2025-10-02 | 1 | -0/+1
|
* Fix wrong function names on failure | Xavier Del Campo Romero | 2025-10-02 | 2 | -2/+2
|
* auth.c: Remove unused arguments | Xavier Del Campo Romero | 2025-10-02 | 1 | -3/+3
|
* auth.c: Fix missing username check | Xavier Del Campo Romero | 2025-10-02 | 1 | -2/+5
| So far, auth_login was looking for a key that matched the expected HMAC, among all registered users, and therefore without looking up the username from the cookie key. This allowed attackers to forge a cookie with a valid key but another username, and therefore see the contents from other users.
* thumbnail/main.c: Fix memory leak on failure | Xavier Del Campo Romero | 2025-09-24 | 1 | -1/+1
|
* main.c: Fix invalid argument | Xavier Del Campo Romero | 2025-09-24 | 1 | -1/+1
|
* cftw.c: Fix memory leak | Xavier Del Campo Romero | 2025-09-24 | 1 | -0/+1
|
* thumbnail/main.c: Use new cftw interface | Xavier Del Campo Romero | 2025-09-24 | 1 | -4/+21
| This was a leftover from the following commit:
|
| commit 173528aef50a4b452acdd8ec9aff13f25c3e092c
| Author: Xavier Del Campo Romero
| Date: Wed Sep 24 11:01:31 2025 +0200
|
|     Make search non-blocking
|
|     Thanks to a new feature in libweb, it is now possible to generate HTTP responses asynchronously i.e., without blocking other clients if the response takes a long time to generate.
|
|     This now allows users to search for files or directories without blocking other users, regardless of how much time the search operation takes.
|
|     This required cftw to deviate from the POSIX-like, blocking interface it had so far, and has been replaced now with a non-blocking interface, so that directories are inspected one entry at a time.