* [PATCH] cvsserver: anonymous cvs via pserver support
@ 2006-03-04 7:30 Martin Langhoff
0 siblings, 0 replies; only message in thread
From: Martin Langhoff @ 2006-03-04 7:30 UTC (permalink / raw
To: git, junkio; +Cc: Martin Langhoff
git-cvsserver now knows how to do the pserver auth chat when the user
is anonymous. To get it to work, add a line to your inetd.conf like
cvspserver stream tcp nowait nobody git-cvsserver pserver
(On some inetd implementations you may have to put the pserver parameter twice.)
Commits are blocked. Naively, git-cvsserver assumes non-malicious users. Please
review the code before setting this up on an internet-accessible server.
NOTE: the <nobody> user above will need write access to the .git directory
to maintain the sqlite database. Updating of the sqlite database should be
put in an update hook to avoid this problem, so that it is maintained by
users with write access.
Signed-off-by: Martin Langhoff <martin@catalyst.net.nz>
---
git-cvsserver.perl | 34 ++++++++++++++++++++++++++++++++++
1 files changed, 34 insertions(+), 0 deletions(-)
91a6bf468230d63c414a21adeef94f1242eaaaab
diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index b450792..7d3f78e 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -87,6 +87,31 @@ $log->info("--------------- STARTING ---
my $TEMP_DIR = tempdir( CLEANUP => 1 );
$log->debug("Temporary directory is '$TEMP_DIR'");
+# if we are called with a pserver argument,
+# deal with the authentication cat before entereing the
+# main loop
+if (@ARGV && $ARGV[0] eq 'pserver') {
+ my $line = <STDIN>; chomp $line;
+ unless( $line eq 'BEGIN AUTH REQUEST') {
+ die "E Do not understand $line - expecting BEGIN AUTH REQUEST\n";
+ }
+ $line = <STDIN>; chomp $line;
+ req_Root('root', $line) # reuse Root
+ or die "E Invalid root $line \n";
+ $line = <STDIN>; chomp $line;
+ unless ($line eq 'anonymous') {
+ print "E Only anonymous user allowed via pserver\n";
+ print "I HATE YOU\n";
+ }
+ $line = <STDIN>; chomp $line; # validate the password?
+ $line = <STDIN>; chomp $line;
+ unless ($line eq 'END AUTH REQUEST') {
+ die "E Do not understand $line -- expecting END AUTH REQUEST\n";
+ }
+ print "I LOVE YOU\n";
+ # and now back to our regular programme...
+}
+
# Keep going until the client closes the connection
while (<STDIN>)
{
@@ -165,6 +190,7 @@ sub req_Root
print "E the repo config file needs a [gitcvs] section added, and the parameter 'enabled' set to 1\n";
print "E \n";
print "error 1 GITCVS emulation disabled\n";
+ return 0;
}
if ( defined ( $cfg->{gitcvs}{logfile} ) )
@@ -173,6 +199,8 @@ sub req_Root
} else {
$log->nofile();
}
+
+ return 1;
}
# Global_option option \n
@@ -914,6 +942,12 @@ sub req_ci
$log->info("req_ci : " . ( defined($data) ? $data : "[NULL]" ));
+ if ( @ARGV && $ARGV[0] eq 'pserver')
+ {
+ print "error 1 pserver access cannot commit\n";
+ exit;
+ }
+
if ( -e $state->{CVSROOT} . "/index" )
{
print "error 1 Index already exists in git repo\n";
--
1.2.4.g09a27-dirty
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2006-03-04 7:14 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-03-04 7:30 [PATCH] cvsserver: anonymous cvs via pserver support Martin Langhoff
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).