summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam Vilain <sam.vilain@catalyst.net.nz>2010-05-15 15:07:54 (GMT)
committerJunio C Hamano <gitster@pobox.com>2010-05-20 04:02:59 (GMT)
commitc057bad3701682a208b72473b746de6bb5d89792 (patch)
tree962a302998692c9dde20cc12110ad5d7032d0da0
parent031a027a72a62ccf45ae22dee5721e554f6ba6e9 (diff)
downloadgit-c057bad3701682a208b72473b746de6bb5d89792.zip
git-c057bad3701682a208b72473b746de6bb5d89792.tar.gz
git-c057bad3701682a208b72473b746de6bb5d89792.tar.bz2
git-cvsserver: use a password file cvsserver pserver
If a git repository is shared via HTTP, the config file is typically visible. Use an external file instead. Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--Documentation/git-cvsserver.txt21
-rwxr-xr-xgit-cvsserver.perl29
2 files changed, 31 insertions, 19 deletions
diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt
index 031480b..f414245 100644
--- a/Documentation/git-cvsserver.txt
+++ b/Documentation/git-cvsserver.txt
@@ -100,16 +100,27 @@ looks like
------
Only anonymous access is provided by pserve by default. To commit you
-will have to create pserver accounts, simply add a [gitcvs.users]
-section to the repositories you want to access, for example:
+will have to create pserver accounts, simply add a gitcvs.authdb
+setting in the config file of the repositories you want the cvsserver
+to allow writes to, for example:
------
- [gitcvs.users]
- someuser = somepassword
- otheruser = otherpassword
+ [gitcvs]
+ authdb = /etc/cvsserver/passwd
+
+------
+The format of these files is username followed by the crypted password,
+for example:
------
+ myuser:$1Oyx5r9mdGZ2
+ myuser:$1$BA)@$vbnMJMDym7tA32AamXrm./
+------
+You can use the 'htpasswd' facility that comes with Apache to make these
+files, but Apache's MD5 crypt method differs from the one used by most C
+library's crypt() function, so don't use the -m option.
+
Then provide your password via the pserver method, for example:
------
cvs -d:pserver:someuser:somepassword <at> server/path/repo.git co <HEAD_name>
diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index 7097419..8b97fb8 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -189,24 +189,25 @@ if ($state->{method} eq 'pserver') {
unless ($user eq 'anonymous') {
# Trying to authenticate a user
- if (not exists $cfg->{gitcvs}->{users}) {
- print "E the repo config file needs a [gitcvs.users] section with user/password key-value pairs\n";
+ if (not exists $cfg->{gitcvs}->{authdb}) {
+ print "E the repo config file needs a [gitcvs.authdb] section with a filename\n";
print "I HATE YOU\n";
exit 1;
- } elsif (exists $cfg->{gitcvs}->{users} and not exists $cfg->{gitcvs}->{users}->{$user}) {
- #print "E the repo config file has a [gitcvs.users] section but the user $user is not defined in it\n";
+ }
+ my $auth_ok;
+ open PASSWD, "<$cfg->{gitcvs}->{authdb}" or die $!;
+ while(<PASSWD>) {
+ if (m{^\Q$user\E:(.*)}) {
+ if (crypt($user, $1) eq $1) {
+ $auth_ok = 1;
+ }
+ };
+ }
+ unless ($auth_ok) {
print "I HATE YOU\n";
exit 1;
- } else {
- my $descrambled_password = descramble($password);
- my $cleartext_password = $cfg->{gitcvs}->{users}->{$user};
- if ($descrambled_password ne $cleartext_password) {
- #print "E The password supplied for user $user was incorrect\n";
- print "I HATE YOU\n";
- exit 1;
- }
- # else fall through to LOVE
}
+ # else fall through to LOVE
}
# For checking whether the user is anonymous on commit
@@ -337,7 +338,7 @@ sub req_Root
}
foreach my $line ( @gitvars )
{
- next unless ( $line =~ /^(gitcvs)\.(?:(ext|pserver|users)\.)?([\w-]+)=(.*)$/ );
+ next unless ( $line =~ /^(gitcvs)\.(?:(ext|pserver)\.)?([\w-]+)=(.*)$/ );
unless ($2) {
$cfg->{$1}{$3} = $4;
} else {