Date: Tue, 28 Aug 2007 14:54:30 -0300 From: "Thiago Lacerda Zago" <tzago@timbrasil.com.br> To: <freebsd-cvsweb@FreeBSD.org> Subject: cvsweb authentication implementation Message-ID: <1EA6EF878B09DC44892FD9C2BE4D68421A2654@SNEDCPMS01.internal.timbrasil.com.br>
next in thread | raw e-mail | index | archive | help
Hi, =20 I=92m implementing let me say sort of authentication in cvsweb so that = only our permitted staff could use this tool through our intranet. =20 I=92m doing so reading php session that the starting page that calls = cvsweb.cgi. and using PHP::Session to retrieve the user provided data. = Then I=92m propagating the session id through all cvsweb.cgi links = through method get and cgi param(). =20 I almost done with this task but now I am facing a problem that I was = not able to solve yet. =20 When I click in the link that follows the icon to show the revisions = graphically, the reference link is http://xxx/cgi-bin/ = /cvsweb.cgi/dcn_cor/router.db?graph=3D1;sid=3D5s4gj964cd4c2j88ljsxz3qopr Where sid=3D5s4gj964cd4c2j88ljsxz3qopr in this case is the php session = id that I=92m sending along the link http://xxx/cgi-bin/ = /cvsweb.cgi/dcn_cor/router.db?graph=3D1 so that the graph page could be = authenticated and allowed to be displayed as well. =20 The problem is that I keep getting this error message. :: Error :: Error: '/usr/bin/cvsgraph -r /usr/local/rancid/var/CVS -m = dcn_cor/configs/ -i -M CvsGraphMap -x x = -Omap_branch_href=3D"href=3D\"./?only_with_tag=3D%(%t%);sortby=3Ddate\"" = -Omap_rev_href=3D"href=3D\"?rev=3D%(%R%);sortby=3Ddate\"" = -Omap_diff_href=3D"href=3D\"%(0.000000%).diff?sid=3D5s4gj964cd4c2j88ljsxz= 3qopr;r1=3D%(%P%);r2=3D%(%R%);sortby=3Ddate\"" -c /etc/cvsgraph.conf = router005,v' failed: Insecure dependency in exec while running with -T = switch at /usr/lib/perl5/site_perl/5.8.0/IPC/Run.pm line 1272. at = /xxx/www/cgi-bin/cvsweb.cgi line 4545=20 =20 The customized to accomplish this is sub doGraphView() =20 The funny thing is that this error occurs only when I add a ?sid=3D$id = to the array @graph_cmd as shown right below. =20 my @graph_cmd =3D ($CMD{cvsgraph}, '-r', $cvsroot, '-m', $pathname, '-i', '-M', $mapname, '-x', 'x', = "-Omap_branch_href=3D\"href=3D\\\"./?only_with_tag=3D%(%t%)$notag_query\\= \"\"", "-Omap_rev_href=3D\"href=3D\\\"?rev=3D%(%R%)$barequery\\\"\"", "-Omap_diff_href=3D\"href=3D\\\"%(%F%).diff" . "?sid=3D$id;r1=3D%(%P%);r2=3D%(%R%)$barequery\\\"\"" , ); =20 If I do the same thing but this time manually writing the var = ?sid=3D5s4gj964cd4c2j88ljsxz3qopr it just works fine and no error is = issued at all. =20 my @graph_cmd =3D ($CMD{cvsgraph}, '-r', $cvsroot, '-m', $pathname, '-i', '-M', $mapname, '-x', 'x', = "-Omap_branch_href=3D\"href=3D\\\"./?only_with_tag=3D%(%t%)$notag_query\\= \"\"", "-Omap_rev_href=3D\"href=3D\\\"?rev=3D%(%R%)$barequery\\\"\"", "-Omap_diff_href=3D\"href=3D\\\"%(%F%).diff" . = "?sid=3D5s4gj964cd4c2j88ljsxz3qopr;r1=3D%(%P%);r2=3D%(%R%)$barequery\\\"\= "" , ); =20 Any hint to how to solve this problem and/or a better solution to = implementing a cvsweb authentication? =20 Thanks in advance. =20 Thiago Zago=20 =20 No virus found in this outgoing message. Checked by AVG Free Edition.=20 Version: 7.5.484 / Virus Database: 269.12.10/976 - Release Date: = 27/8/2007 18:20 =20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1EA6EF878B09DC44892FD9C2BE4D68421A2654>