Date: Tue, 14 Dec 2004 16:08:10 +0100
From: Kasparek Tomas <kasparek@fit.vutbr.cz>
To: freebsd-cvsweb@freebsd.org
Subject: Patch for non-anonymouse CVS access
Message-ID: <20041214150809.GM93532@fit.vutbr.cz>
--vtzGhvizbBRQ85DL
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hello,

I include a patch with the changes I used to allow access to a non-anonymous CVS repository. It runs the CGI script with suidperl as root and changes to the UID and GID of the authenticated user as soon as possible. This is enough to make it work; it then just adds the name of the user (via a really simple hack).

(the patch is against 3.0.4)

Bye

--
Tomas Kasparek, PhD student  E-mail: kasparek@fit.vutbr.cz
CVT FIT VUT Brno, BI/140a    Web:    http://www.fit.vutbr.cz/~kasparek
Bozetechova 2, 612 66        Fax:    +420 54114-1270
Brno, Czech Republic         Phone:  +420 54114-1220
ICQ: 293092805               jabber:tomas.kasparek@jabber.cz
GPG: 2F1E 1AAF FD3B CFA3 1537  63BD DCBE 18FF A035 53BC

--vtzGhvizbBRQ85DL
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=cvsweb-patch

--- cvsweb.cgi 2004-11-06 09:47:21.000000000 +0100 +++ cvsweb 2004-12-14 15:58:46.812235616 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/perl -T +#!/usr/bin/suidperl -T -W # # cvsweb - a CGI interface to CVS trees. # @@ -88,7 +88,7 @@ $allow_tar @tar_options @gzip_options @zip_options @cvs_options @annotate_options @rcsdiff_options $HTML_DOCTYPE $HTML_META $cssurl $CSS $cvshistory_url - $allow_enscript @enscript_options %enscript_types + $allow_enscript @enscript_options %enscript_types $UID $USER ); use Cwd qw(abs_path cwd); 
@@ -208,6 +208,31 @@ # Get rid of unsafe environment vars. Don't do this in BEGIN... delete(@ENV{qw(PATH IFS CDPATH ENV BASH_ENV)}); +#------------------------------------------------- +#Added by Si + +# Get rid of EUID of root + +#is there something reasonable there? +if ($ENV{REMOTE_USER} =~ /^([a-zA-Z0-9]+)$/) { + $UID=getpwnam($1); # $data now untainted +} + +if (! defined $UID) { + #bad user - use Real UID instead + $UID = $<; + print "Unknown user $ENV{REMOTE_USER}, using ". getpwuid($UID) . "<br><br>\n"; +} + +#set it as EUID - never can get UID of 0 back! +$USER= getpwuid($UID); + +$) = `/usr/bin/id -G $USER </dev/null`; +$> = $UID; + +#End of modification by Si +#------------------------------------------------- + my ($mydir) = (dirname($0) =~ /(.*)/); # untaint # == EDIT this == @@ -4294,7 +4319,12 @@ <title>$title</title> $HTML_META$CSS</head> <body> -$l <h1>$title</h1> +$l <h1>$title</h1><br> +<CENTER> +<STRONG> +Logged in as user: $USER +</STRONG> +</CENTER> EOH } --vtzGhvizbBRQ85DL--
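Review bot: In the first hunk (`@@ -1,4 +1,4 @@`), changing the interpreter to `/usr/bin/suidperl` turns the whole of cvsweb into a setuid-root CGI, and everything that executes before the drop added near line 208 (the `use` lines, any BEGIN blocks) runs with effective UID 0. It would be safer to leave cvsweb unprivileged and put the identity switch in a small dedicated wrapper that only validates REMOTE_USER, changes user and group, and then executes the script. The added `-W` turns all warnings on regardless of `no warnings` in the code; if that is intended it deserves a mention in the description, otherwise drop it. Note also that suidperl was removed from Perl in 5.12, so this approach does not carry forward to later interpreters.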
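Review bot: In the `use vars` hunk (`@@ -88,7 +88,7 @@`), `$UID` and `$USER` are appended to a list that otherwise reads as configuration settings (`$allow_enscript`, `@enscript_options`, `%enscript_types`), although they hold per-request state derived from REMOTE_USER. Declare them separately, with a comment saying where they are set, and pick less generic names: `$UID` is also the name the English module gives to `$<`, which makes the later `$UID = $<;` line harder to read than it needs to be.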
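Review bot: In the privilege-drop hunk (`@@ -208,6 +208,31 @@`), only the effective IDs are changed (`$) = ...;` and `$> = $UID;`) and neither assignment is checked, so the comment "never can get UID of 0 back!" does not hold: the saved set-user-ID is still 0, a later `$> = 0` would restore root, and if either assignment fails the script simply continues as root. Set the group list and GID first, then drop the real, effective and saved UID together (for example with `POSIX::setgid` and `POSIX::setuid` while still root), and `die` unless `$<` and `$>` both equal the target UID afterwards. Two further gaps in the same hunk: a REMOTE_USER that resolves to UID 0 passes the `defined $UID` test, so UID 0 should be refused explicitly; and the unknown-user branch falls back to `$<` and prints `$ENV{REMOTE_USER}` unescaped, before any HTTP header has been sent, where failing the request with an error would be the safer behaviour. The output of `/usr/bin/id -G $USER` is also used unchecked; calling `getpwnam` in list context would give the primary GID without a subprocess.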
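Review bot: In the last hunk (`@@ -4294,7 +4319,12 @@`), `$USER` is interpolated into the page header without HTML escaping, and the new markup relies on presentational `<CENTER>` and `<STRONG>` tags plus a `<br>` after the `<h1>` even though the same header already emits `$CSS`. Escape the value before output and wrap the line in an element with a class so the stylesheet controls its appearance. Because the fallback path sets `$USER` from the real UID, the text "Logged in as user:" will show the web server's account for unauthenticated or unknown users; the wording should distinguish that case.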
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041214150809.GM93532>