From owner-freebsd-cvsweb@FreeBSD.ORG Tue Aug 28 17:54:34 2007 Return-Path: Delivered-To: freebsd-cvsweb@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2FBE416A417 for ; Tue, 28 Aug 2007 17:54:34 +0000 (UTC) (envelope-from tzago@timbrasil.com.br) Received: from smtp2.timbrasil.com.br (smtp1.timbrasil.com.br [200.179.42.37]) by mx1.freebsd.org (Postfix) with ESMTP id 7F46C13C4A3 for ; Tue, 28 Aug 2007 17:54:32 +0000 (UTC) (envelope-from tzago@timbrasil.com.br) Received: from snedcpms07.internal.timbrasil.com.br ([10.168.40.43]) by smtp2.timbrasil.com.br with Microsoft SMTPSVC(6.0.3790.1830); Tue, 28 Aug 2007 14:36:12 -0300 Received: from SNEDCPMS01.internal.timbrasil.com.br ([10.168.40.30]) by snedcpms07.internal.timbrasil.com.br with Microsoft SMTPSVC(6.0.3790.2499); Tue, 28 Aug 2007 14:54:30 -0300 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Tue, 28 Aug 2007 14:54:30 -0300 Message-ID: <1EA6EF878B09DC44892FD9C2BE4D68421A2654@SNEDCPMS01.internal.timbrasil.com.br> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: cvsweb authentication implementation Thread-Index: AcfpnHqDPefBvHfnT0yfJ4mgsnEvlA== From: "Thiago Lacerda Zago" To: X-OriginalArrivalTime: 28 Aug 2007 17:54:30.0674 (UTC) FILETIME=[7BEE6720:01C7E99C] Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: cvsweb authentication implementation X-BeenThere: freebsd-cvsweb@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS Web maintenance mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Aug 2007 17:54:34 -0000 Hi, =20 I=92m implementing let me say sort of authentication in cvsweb so that = only our permitted staff could use this tool through our intranet. =20 I=92m doing so reading php session that the starting page that calls = cvsweb.cgi. and using PHP::Session to retrieve the user provided data. = Then I=92m propagating the session id through all cvsweb.cgi links = through method get and cgi param(). =20 I almost done with this task but now I am facing a problem that I was = not able to solve yet. =20 When I click in the link that follows the icon to show the revisions = graphically, the reference link is http://xxx/cgi-bin/ = /cvsweb.cgi/dcn_cor/router.db?graph=3D1;sid=3D5s4gj964cd4c2j88ljsxz3qopr Where sid=3D5s4gj964cd4c2j88ljsxz3qopr in this case is the php session = id that I=92m sending along the link http://xxx/cgi-bin/ = /cvsweb.cgi/dcn_cor/router.db?graph=3D1 so that the graph page could be = authenticated and allowed to be displayed as well. =20 The problem is that I keep getting this error message. :: Error :: Error: '/usr/bin/cvsgraph -r /usr/local/rancid/var/CVS -m = dcn_cor/configs/ -i -M CvsGraphMap -x x = -Omap_branch_href=3D"href=3D\"./?only_with_tag=3D%(%t%);sortby=3Ddate\"" = -Omap_rev_href=3D"href=3D\"?rev=3D%(%R%);sortby=3Ddate\"" = -Omap_diff_href=3D"href=3D\"%(0.000000%).diff?sid=3D5s4gj964cd4c2j88ljsxz= 3qopr;r1=3D%(%P%);r2=3D%(%R%);sortby=3Ddate\"" -c /etc/cvsgraph.conf = router005,v' failed: Insecure dependency in exec while running with -T = switch at /usr/lib/perl5/site_perl/5.8.0/IPC/Run.pm line 1272. at = /xxx/www/cgi-bin/cvsweb.cgi line 4545=20 =20 The customized to accomplish this is sub doGraphView() =20 The funny thing is that this error occurs only when I add a ?sid=3D$id = to the array @graph_cmd as shown right below. =20 my @graph_cmd =3D ($CMD{cvsgraph}, '-r', $cvsroot, '-m', $pathname, '-i', '-M', $mapname, '-x', 'x', = "-Omap_branch_href=3D\"href=3D\\\"./?only_with_tag=3D%(%t%)$notag_query\\= \"\"", "-Omap_rev_href=3D\"href=3D\\\"?rev=3D%(%R%)$barequery\\\"\"", "-Omap_diff_href=3D\"href=3D\\\"%(%F%).diff" . "?sid=3D$id;r1=3D%(%P%);r2=3D%(%R%)$barequery\\\"\"" , ); =20 If I do the same thing but this time manually writing the var = ?sid=3D5s4gj964cd4c2j88ljsxz3qopr it just works fine and no error is = issued at all. =20 my @graph_cmd =3D ($CMD{cvsgraph}, '-r', $cvsroot, '-m', $pathname, '-i', '-M', $mapname, '-x', 'x', = "-Omap_branch_href=3D\"href=3D\\\"./?only_with_tag=3D%(%t%)$notag_query\\= \"\"", "-Omap_rev_href=3D\"href=3D\\\"?rev=3D%(%R%)$barequery\\\"\"", "-Omap_diff_href=3D\"href=3D\\\"%(%F%).diff" . = "?sid=3D5s4gj964cd4c2j88ljsxz3qopr;r1=3D%(%P%);r2=3D%(%R%)$barequery\\\"\= "" , ); =20 Any hint to how to solve this problem and/or a better solution to = implementing a cvsweb authentication? =20 Thanks in advance. =20 Thiago Zago=20 =20 No virus found in this outgoing message. Checked by AVG Free Edition.=20 Version: 7.5.484 / Virus Database: 269.12.10/976 - Release Date: = 27/8/2007 18:20 =20