[Pkg-cvs-commits] r31 - in /trunk: changelog
patches/68_DSA_external_passwd_file
93sam at users.alioth.debian.org
93sam at users.alioth.debian.org
Sun Aug 20 00:00:36 UTC 2006
Author: 93sam
Date: Sun Aug 20 00:00:30 2006
New Revision: 31
URL: http://svn.debian.org/wsvn/?sc=1&rev=31
Log:
Add 68_DSA_external_passwd_file: patch similar to one from the Debian
DSA team to optionally use an external passwd file rather than
CVSROOT/passwd
Added:
trunk/patches/68_DSA_external_passwd_file
Modified:
trunk/changelog
Modified: trunk/changelog
URL: http://svn.debian.org/wsvn/trunk/changelog?rev=31&op=diff
==============================================================================
--- trunk/changelog (original)
+++ trunk/changelog Sun Aug 20 00:00:30 2006
@@ -15,10 +15,12 @@ cvs (1:1.12.13-4) unstable; urgency=low
(Closes: #381742)
[ Steve McIntyre ]
* debian/patches:
- + Add 94_rcsbuf_crash: parse old-style tag= and tagexpand=
+ + Add 68_DSA_external_passwd_file: patch from the Debian DSA team to
+ optionally use an external passwd file rather than CVSROOT/passwd
+ + Fix 94_parseopts: parse old-style tag= and tagexpand=
options in the options files properly, don't crash!
- -- Zak B. Elep <zakame at spunge.org> Mon, 14 Aug 2006 23:33:09 +0800
+ -- Steve McIntyre <93sam at debian.org> Thu, 17 Aug 2006 00:18:01 +0100
cvs (1:1.12.13-3) unstable; urgency=low
Added: trunk/patches/68_DSA_external_passwd_file
URL: http://svn.debian.org/wsvn/trunk/patches/68_DSA_external_passwd_file?rev=31&op=file
==============================================================================
--- trunk/patches/68_DSA_external_passwd_file (added)
+++ trunk/patches/68_DSA_external_passwd_file Sun Aug 20 00:00:30 2006
@@ -0,0 +1,384 @@
+diff -ruN cvs-1.12.13-old/src/cvs.h cvs-1.12.13/src/cvs.h
+--- cvs-1.12.13-old/src/cvs.h 2005-10-02 16:17:20.000000000 +0100
++++ cvs-1.12.13/src/cvs.h 2006-08-19 01:20:33.000000000 +0100
+@@ -371,6 +371,7 @@
+ extern int use_editor;
+ extern int cvswrite;
+ extern mode_t cvsumask;
++extern char *PasswordFileName;
+
+ /* Temp dir abstraction. */
+ /* From main.c. */
+diff -ruN cvs-1.12.13-old/src/main.c cvs-1.12.13/src/main.c
+--- cvs-1.12.13-old/src/main.c 2006-08-17 00:25:16.000000000 +0100
++++ cvs-1.12.13/src/main.c 2006-08-19 01:20:03.000000000 +0100
+@@ -43,8 +43,7 @@
+ int noexec = 0;
+ int readonlyfs = 0;
+ int logoff = 0;
+-
+-
++char *PasswordFileName = NULL;
+
+ /***
+ ***
+@@ -519,6 +518,7 @@
+ {"help-commands", 0, NULL, 1},
+ {"help-synonyms", 0, NULL, 2},
+ {"help-options", 0, NULL, 4},
++ {"password-file", required_argument, NULL, 5},
+ #ifdef SERVER_SUPPORT
+ {"allow-root", required_argument, NULL, 3},
+ #endif /* SERVER_SUPPORT */
+@@ -646,6 +646,10 @@
+ root_allow_add (optarg, gConfigPath);
+ break;
+ #endif /* SERVER_SUPPORT */
++ case 5:
++ /* --password-file */
++ PasswordFileName = xstrdup(optarg);
++ break;
+ case 'Q':
+ really_quiet = 1;
+ /* FALL THROUGH */
+diff -ruN cvs-1.12.13-old/src/Makefile.in cvs-1.12.13/src/Makefile.in
+--- cvs-1.12.13-old/src/Makefile.in 2005-10-03 14:37:18.000000000 +0100
++++ cvs-1.12.13/src/Makefile.in 2006-08-17 00:28:35.000000000 +0100
+@@ -146,7 +146,7 @@
+ ls.$(OBJEXT) main.$(OBJEXT) mkmodules.$(OBJEXT) \
+ modules.$(OBJEXT) ms-buffer.$(OBJEXT) myndbm.$(OBJEXT) \
+ no_diff.$(OBJEXT) parseinfo.$(OBJEXT) patch.$(OBJEXT) \
+- rcs.$(OBJEXT) rcscmds.$(OBJEXT) recurse.$(OBJEXT) \
++ rcs.$(OBJEXT) rcscmds.$(OBJEXT) readpw.$(OBJEXT) recurse.$(OBJEXT) \
+ release.$(OBJEXT) remove.$(OBJEXT) repos.$(OBJEXT) \
+ root.$(OBJEXT) rsh-client.$(OBJEXT) run.$(OBJEXT) \
+ scramble.$(OBJEXT) server.$(OBJEXT) stack.$(OBJEXT) \
+@@ -349,6 +349,7 @@
+ patch.c \
+ rcs.c \
+ rcscmds.c \
++ readpw.c \
+ recurse.c \
+ release.c \
+ remove.c \
+@@ -543,6 +544,7 @@
+ @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/patch.Po at am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/rcs.Po at am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/rcscmds.Po at am__quote@
++ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/readpw.Po at am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/recurse.Po at am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/release.Po at am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/remove.Po at am__quote@
+diff -ruN cvs-1.12.13-old/src/parseinfo.h cvs-1.12.13/src/parseinfo.h
+--- cvs-1.12.13-old/src/parseinfo.h 2006-08-17 00:25:16.000000000 +0100
++++ cvs-1.12.13/src/parseinfo.h 2006-08-17 00:58:25.000000000 +0100
+@@ -21,6 +21,7 @@
+ char *HistoryLogPath;
+ char *HistorySearchPath;
+ char *TmpDir;
++ char *PasswordFileName;
+
+ /* Should the logmsg be re-read during the do_verify phase?
+ * RereadLogAfterVerify=no|stat|yes
+diff -ruN cvs-1.12.13-old/src/readpw.c cvs-1.12.13/src/readpw.c
+--- cvs-1.12.13-old/src/readpw.c 1970-01-01 01:00:00.000000000 +0100
++++ cvs-1.12.13/src/readpw.c 2006-08-19 01:45:26.000000000 +0100
+@@ -0,0 +1,158 @@
++/*
++ readpw.c - read the CVS password from an external file
++ Copyright (c) 2006 Martin Schulze <joey at infodrom.org>
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 2 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++*/
++
++#include <string.h>
++#include <stdio.h>
++#include <errno.h>
++#include <syslog.h>
++
++#define PWFILE "/tmp/work/cvs/cvs.passwd"
++
++/*
++ * Source: control_nextline() in dtaus.c from dtaus
++ */
++size_t readline (FILE *f, char **buf, unsigned int len)
++{
++ char line[100];
++ char tmp[100];
++ char *cp;
++ int i;
++
++ memset (line, 0, sizeof(line));
++ memset (*buf, 0, len);
++
++ cp = line;
++
++ while (!strlen(line) && (cp = fgets(line, 100, f))) {
++ if (strlen(line)) {
++ if (line[0] != '#') {
++ if (line[strlen(line)-1] != '\n') {
++ strcpy(tmp, line);
++ while (tmp[strlen(tmp)-1] != '\n' && (cp = fgets(tmp, 100, f)));
++ } else
++ line[strlen(line)-1] = '\0';
++ if (line[strlen(line)-1] == '\r')
++ line[strlen(line)-1] = '\0';
++ for (i=strlen(line);(line[i-1] == ' '||line[i-1] == '\t')&&i>0; i--)
++ line[i-1] = '\0';
++ } else
++ line[0] = '\0';
++ }
++ }
++ for (cp=line; *cp==' '; cp++);
++
++ if (strlen(cp)) {
++ memcpy(*buf, cp, strlen(cp) >= len ? len-1 : strlen(cp));
++ return (strlen (cp));
++ } else
++ return 0;
++}
++
++#define MAXLINE 100
++#define PWLEN 20
++
++char *getpwline (const char *fname, const char *repository, const char *logname)
++{
++ FILE *f;
++ char buf[MAXLINE], *bp = buf;
++ static char line[MAXLINE];
++ int inrepo = 0;
++ char *cp;
++
++ memset (line, 0, sizeof (line));
++
++ if ((f = fopen (fname, "r")) == NULL) {
++ perror ("fopen");
++ return line;
++ }
++
++ while (readline (f, &bp, 50)) {
++ if (buf[0] == '/') {
++ syslog(LOG_ERR, "Looking for repo %s in %s\n", repository, buf);
++ if (!inrepo && !strcmp (buf, repository))
++ {
++ syslog(LOG_ERR, "matched repository %s\n", repository);
++ inrepo = 1;
++ }
++ else if (inrepo)
++ inrepo = 0;
++ } else {
++ if (inrepo) {
++ if ((cp = strchr (buf, ':')) != NULL) {
++ if ( (cp - buf) == strlen (logname)
++ && !strncmp (buf, logname, strlen (logname))) {
++ memcpy (line, buf, strlen(buf) >= MAXLINE ? MAXLINE-1 : strlen(buf));
++ }
++ }
++ }
++ }
++ }
++
++ if (ferror (f))
++ perror ("ferror");
++ if (fclose (f) < 0)
++ perror ("fclose");
++
++ return line;
++}
++
++/*
++*****************************************************************
++ */
++#ifdef TEST_READPW
++
++void getpasswd (const char *fname, const char *repository, const char *logname, char **pw, char **user)
++{
++ char *line;
++ char *cp, *xp;
++
++ memset (*pw, 0, PWLEN);
++ memset (*user, 0, PWLEN);
++
++ line = getpwline(fname, repository, logname);
++
++ if (line[0] == '\0')
++ return;
++
++ cp = strchr (line, ':');
++ cp++;
++
++ if ((xp = strchr (cp, ':')) != NULL) {
++ memcpy (*pw, cp, xp-cp >= PWLEN ? PWLEN-1 : xp-cp);
++
++ xp++;
++
++ if (strlen (xp))
++ memcpy (*user, xp, strlen(xp) >= PWLEN ? PWLEN-1 : strlen(xp));
++ }
++}
++
++int main ()
++{
++ char pw[PWLEN], *ppw = pw;
++ char cvsuser[PWLEN], *pcu = cvsuser;
++
++ getpasswd (PWFILE, "/cvs/debian-doc", "jseidel", &ppw, &pcu);
++
++ printf ("%s<:>%s\n", pw, cvsuser);
++ printf ("XXXXXXXXXXXXX\n");
++
++ return 0;
++}
++#endif /*TEST_READPW */
+diff -ruN cvs-1.12.13-old/src/server.c cvs-1.12.13/src/server.c
+--- cvs-1.12.13-old/src/server.c 2006-08-17 00:25:16.000000000 +0100
++++ cvs-1.12.13/src/server.c 2006-08-20 00:31:22.000000000 +0100
+@@ -22,6 +22,8 @@
+
+ int server_active = 0;
+
++char *getpwline (const char *fname, const char *repository, const char *logname);
++
+ #if defined (SERVER_SUPPORT) || defined (CLIENT_SUPPORT)
+
+ # include "log-buffer.h"
+@@ -6689,51 +6691,71 @@
+ {
+ int retval = 0;
+ FILE *fp;
+- char *filename;
++ char *filename = NULL;
++ char *cp;
+ char *linebuf = NULL;
+ size_t linebuf_len;
+ int found_it = 0;
+ int namelen;
+
+- /* We don't use current_parsed_root->directory because it hasn't been
+- * set yet -- our `repository' argument came from the authentication
+- * protocol, not the regular CVS protocol.
+- */
+-
+- filename = xmalloc (strlen (repository)
+- + 1
+- + strlen (CVSROOTADM)
+- + 1
+- + strlen (CVSROOTADM_PASSWD)
+- + 1);
++ if (!PasswordFileName)
++ {
++ /* We don't use current_parsed_root->directory because it hasn't been
++ * set yet -- our `repository' argument came from the authentication
++ * protocol, not the regular CVS protocol.
++ */
++
++ filename = xmalloc (strlen (repository)
++ + 1
++ + strlen (CVSROOTADM)
++ + 1
++ + strlen (CVSROOTADM_PASSWD)
++ + 1);
+
+- (void) sprintf (filename, "%s/%s/%s", repository,
+- CVSROOTADM, CVSROOTADM_PASSWD);
++ (void) sprintf (filename, "%s/%s/%s", repository,
++ CVSROOTADM, CVSROOTADM_PASSWD);
+
+- fp = CVS_FOPEN (filename, "r");
+- if (fp == NULL)
+- {
+- if (!existence_error (errno))
+- error (0, errno, "cannot open %s", filename);
+- free (filename);
+- return 0;
+- }
++ fp = CVS_FOPEN (filename, "r");
++ if (fp == NULL)
++ {
++ if (!existence_error (errno))
++ error (0, errno, "cannot open %s", filename);
++ free (filename);
++ return 0;
++ }
+
+- /* Look for a relevant line -- one with this user's name. */
+- namelen = strlen (username);
+- while (getline (&linebuf, &linebuf_len, fp) >= 0)
+- {
+- if ((strncmp (linebuf, username, namelen) == 0)
+- && (linebuf[namelen] == ':'))
+- {
+- found_it = 1;
+- break;
+- }
++ /* Look for a relevant line -- one with this user's name. */
++ namelen = strlen (username);
++ while (getline (&linebuf, &linebuf_len, fp) >= 0)
++ {
++ if ((strncmp (linebuf, username, namelen) == 0)
++ && (linebuf[namelen] == ':'))
++ {
++ found_it = 1;
++ break;
++ }
++ }
++ if (ferror (fp))
++ error (0, errno, "cannot read %s", filename);
++ if (fclose (fp) < 0)
++ error (0, errno, "cannot close %s", filename);
++ }
++ else /* DSA_VERSION */
++ {
++ namelen = strlen (username);
++
++ cp = getpwline (PasswordFileName, repository, username);
++ /* syslog (LOG_NOTICE, "cp=%s", cp); */
++ if (strlen (cp)) {
++ linebuf = xmalloc (strlen (cp) + 1);
++ memcpy (linebuf, cp, strlen(cp)+1);
++ /* syslog (LOG_NOTICE, "line=%s", linebuf); */
++ found_it = 1;
++ } else
++ found_it = 0;
++
++ /* syslog (LOG_NOTICE, "username=%s, password=%s, repository=%s", username, password, repository); */
+ }
+- if (ferror (fp))
+- error (0, errno, "cannot read %s", filename);
+- if (fclose (fp) < 0)
+- error (0, errno, "cannot close %s", filename);
+
+ /* If found_it, then linebuf contains the information we need. */
+ if (found_it)
+@@ -6823,6 +6845,7 @@
+ retval = 0;
+ }
+
++ if (filename)
+ free (filename);
+ if (linebuf)
+ free (linebuf);
+@@ -7043,7 +7066,10 @@
+ letting you in if it won't say why, and I am not convinced
+ that the potential information disclosure to an attacker
+ outweighs this. */
+- printf ("error 0 no such user %s in CVSROOT/passwd\n", username);
++ if (PasswordFileName)
++ printf ("error 0 no such user %s in %s\n", username, PasswordFileName);
++ else
++ printf ("error 0 no such user %s in CVSROOT/passwd\n", username);
+
+ exit (EXIT_FAILURE);
+ }
More information about the Pkg-cvs-commits
mailing list