Date:      Sun, 14 Jan 2001 17:10:24 +0900
From:      "Akinori MUSHA" <knu@iDaemons.org>
To:        peter@FreeBSD.org
Cc:        hackers@FreeBSD.org
Subject:   a couple of patches for cvs
Message-ID:  <86ely6lfkf.wl@archon.local.idaemons.org>

Hi,

I have some patches I wish you'd integrate into our cvs(1) source.

The first one adds support for the "tag" directive in CVSROOT/config,
which NetBSD's and OpenBSD's cvs(1) implements.  I know our cvs(1)
supports a more powerful extension via CVSROOT/options; however,
supporting CVSROOT/config improves interoperability a bit.  When a
repository on an OpenBSD (or NetBSD) box has a tag directive in
CVSROOT/config and you try to access the repository over NFS from a
FreeBSD box, cvs(1) carps there's an unrecognized keyword called
"tag".

The second one lets cvs support PAM authentication.  With it one can
switch the pserver authentication method from the simple UNIX password
to pam_whatever, such as pam_krb5, pam_mysql, pam_smb and so on.  The
patch was originally posted by Frank Kargl (*) on bug-cvs list in the
middle of last year.


What do you think about them?


Thanks for your time.

* <frank.kargl@informatik.uni-ulm.de>

-- 
                     /
                    /__  __            Akinori.org / MUSHA.org
                   / )  )  ) )  /     FreeBSD.org / Ruby-lang.org
Akinori MUSHA aka / (_ /  ( (__(  @ iDaemons.org / and.or.jp

"We're only at home when we're on the run, on the wing, on the fly"

Index: contrib/cvs/src/parseinfo.c
===================================================================
RCS file: /home/ncvs/src/contrib/cvs/src/parseinfo.c,v
retrieving revision 1.1.1.8
diff -u -r1.1.1.8 parseinfo.c
--- contrib/cvs/src/parseinfo.c	2000/10/02 06:32:56	1.1.1.8
+++ contrib/cvs/src/parseinfo.c	2001/01/14 07:45:11
@@ -219,6 +219,7 @@
     size_t line_allocated = 0;
     size_t len;
     char *p;
+    char *localid;
     /* FIXME-reentrancy: If we do a multi-threaded server, this would need
        to go to the per-connection data structures.  */
     static int parsed = 0;
@@ -383,6 +384,22 @@
 		logHistory=malloc(strlen (p) + 1);
 		strcpy (logHistory, p);
 	    }
+	}
+	else if (strcmp (line, "tag") == 0) {
+	    len = strlen (p);
+	    localid = malloc (len + 7 + 1);	/* 7 == strlen ("=Header") */
+	        
+	    if (localid == NULL) {
+		error (0, 0, "%s: no memory for local tag '%s'",
+		       infopath, p);
+		goto error_return;
+	    }
+
+	    strcpy (localid, p);
+	    strcpy (localid + len, "=Header");
+
+	    RCS_setlocalid (localid);
+	    free (localid);
 	}
 	else
 	{
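Review bot: The value after `tag=` is used unchecked at `len = strlen (p)`, so an empty value builds the bare string `=Header` and passes it to `RCS_setlocalid`. A guard before the allocation, such as `if (*p == '\0') { error (0, 0, "%s: empty tag name", infopath); goto error_return; }`, would reject that. Because `localid` is freed right after the call, the code also relies on `RCS_setlocalid` copying its argument; a one-line comment saying so (`/* RCS_setlocalid keeps its own copy */`) would record that assumption. The `else if (...) {` brace placement differs from the `else` / `{` style of the context lines, and the enclosing function starts and ends outside this hunk.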

Index: contrib/cvs/configure.in
===================================================================
RCS file: /home/ncvs/src/contrib/cvs/configure.in,v
retrieving revision 1.1.1.8
diff -u -r1.1.1.8 configure.in
--- contrib/cvs/configure.in	2000/10/02 06:31:11	1.1.1.8
+++ contrib/cvs/configure.in	2001/01/14 07:27:48
@@ -14,6 +14,8 @@
 AC_PATH_PROG(perl_path, perl, no)
 AC_PATH_PROG(csh_path, csh, no)
 
+LIBS="-lpam $LIBS"
+
 AC_SYS_INTERPRETER
 if test X"$ac_cv_sys_interpreter" != X"yes" ; then
   # silly trick to avoid problems in AC macros...
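Review bot: `LIBS="-lpam $LIBS"` is added unconditionally, so every later link test in configure and the final link depend on libpam being installed, and cvs can no longer be built without PAM. Together with the hard-coded `#define HAVE_PAM_AUTH` in the first server.c hunk, this means the `#else` crypt() branch in `check_password` can never be selected. A probe such as `AC_CHECK_LIB(pam, pam_start, [LIBS="-lpam $LIBS" AC_DEFINE(HAVE_PAM_AUTH)])` would add the library and the macro only where PAM is present, and the `#define` in server.c could then be dropped. The `if test` block that follows continues outside the hunk.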
Index: contrib/cvs/src/server.c
===================================================================
RCS file: /home/ncvs/src/contrib/cvs/src/server.c,v
retrieving revision 1.14
diff -u -r1.14 server.c
--- contrib/cvs/src/server.c	2000/10/02 06:43:57	1.14
+++ contrib/cvs/src/server.c	2001/01/14 07:30:36
@@ -20,6 +20,13 @@
 #include "getline.h"
 #include "buffer.h"
 
+#define HAVE_PAM_AUTH
+#ifdef HAVE_PAM_AUTH
+/* needed for PAM authentication - fk 2000 */
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+#endif
+
 #ifdef SERVER_SUPPORT
 
 #ifdef HAVE_WINSOCK_H
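Review bot: `#include <security/pam_misc.h>` looks unneeded. The later hunks define their own conversation function (`silent_conv`) and call only `pam_start`, `pam_authenticate`, `pam_acct_mgmt` and `pam_end`, which `<security/pam_appl.h>` declares. That header is not shipped by every PAM implementation, so dropping the line removes a portability dependency. Both includes also sit above `#ifdef SERVER_SUPPORT`; moving them inside that guard would keep client-only builds free of PAM headers.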
@@ -5438,6 +5445,36 @@
     return retval;
 }
 
+#ifdef HAVE_PAM_AUTH
+/* callback for PAM authentication - fk 2000 */
+int silent_conv(int num_msg, const struct pam_message **msgm,
+	struct pam_response **response, void *appdata) {
+	int replies;
+	struct pam_response *reply = NULL;
+
+	reply = calloc(num_msg,sizeof(struct pam_response));
+	for (replies=0; replies<num_msg; replies++) {
+		switch (msgm[replies]->msg_style) {
+			case PAM_PROMPT_ECHO_ON:
+			case PAM_PROMPT_ECHO_OFF:
+				/* printf("Prompt: %s\n",msgm[replies]->msg); */
+				reply[replies].resp_retcode = PAM_SUCCESS;
+				reply[replies].resp = strdup((char*)appdata);
+				break;
+			case PAM_ERROR_MSG:
+			case PAM_TEXT_INFO:
+				reply[replies].resp_retcode = PAM_SUCCESS;
+				reply[replies].resp = NULL;
+				break;
+			default:
+				free(reply);
+				return PAM_CONV_ERR;
+		}
+	}
+	*response = reply;
+	return PAM_SUCCESS;
+}
+#endif
 
 /* Return a hosting username if password matches, else NULL. */
 static char *
@@ -5509,9 +5546,38 @@
 	if (*found_passwd)
         {
 	    /* user exists and has a password */
+#ifdef HAVE_PAM_AUTH
+	    pam_handle_t *pamh=NULL;
+	    struct pam_conv conv;
+	    int retval;
+
+	    conv.conv = silent_conv;
+	    conv.appdata_ptr = password;
+
+	    retval = pam_start("cvs", username, &conv, &pamh);
+
+	    if (retval == PAM_SUCCESS)
+		retval = pam_authenticate(pamh, 0); /* is user really user? */
+
+	    if (retval == PAM_SUCCESS)
+		retval = pam_acct_mgmt(pamh, 0);    /* permitted access? */
+
+	    /* This is where we have been authorized or not. */
+
+	    if (retval == PAM_SUCCESS) {
+		host_user = xstrdup (username);
+	    } else {
+		host_user = NULL;
+	    }
+
+	    if (pam_end(pamh,retval) != PAM_SUCCESS) {   /* close PAM */
+		pamh = NULL;
+	    }
+#else
 	    host_user = ((! strcmp (found_passwd,
                                     crypt (password, found_passwd)))
                          ? xstrdup (username) : NULL);
+#endif
             goto handle_return;
         }
 	else if (password && *password)
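Review bot: Inside `if (*found_passwd)` the PAM path never reads `found_passwd`, so a password stored for this user in CVSROOT/passwd is silently replaced by whatever the `cvs` PAM service accepts for `username`. That changes the meaning of existing repository password entries; if it is intended, a comment such as `/* found_passwd is ignored: PAM decides */` should say so. Otherwise the crypt() comparison should stay here and PAM should be used only where no repository password is set. `pam_end(pamh, retval)` is also called when `pam_start` failed and `pamh` may still be NULL; `if (pamh != NULL) pam_end (pamh, retval);` avoids that, and the current `pamh = NULL;` assignment on failure has no effect. A failed authentication is not logged here, which makes pserver password guessing harder to spot. `check_password` begins and ends outside this hunk.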
Index: etc/pam.conf
===================================================================
RCS file: /home/ncvs/src/etc/pam.conf,v
retrieving revision 1.9
diff -u -r1.9 pam.conf
--- etc/pam.conf	2000/12/05 03:01:24	1.9
+++ etc/pam.conf	2001/01/14 07:44:19
@@ -22,6 +22,10 @@
 #ftpd	auth	sufficient	pam_kerberosIV.so		try_first_pass
 ftpd	auth	required	pam_unix.so			try_first_pass
 
+# CVS pserver
+cvs	auth	sufficient	pam_skey.so
+cvs	auth	required	pam_unix.so			try_first_pass
+
 # OpenSSH with PAM support requires similar modules.  The session one is
 # a bit strange, though...
 sshd	auth	sufficient	pam_skey.so
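Review bot: Only `auth` lines are added for the `cvs` service, yet the server.c change also calls `pam_acct_mgmt`. With no `cvs account` entry, the account check is decided by whatever fallback policy the rest of pam.conf defines (not visible in this hunk), which may either reject every login or approve accounts that should be locked or expired. An explicit line such as `cvs	account	required	pam_unix.so` would pin it down, assuming that module provides account management on this system. It is also worth confirming that `pam_skey.so` as `sufficient` works with a conversation function that discards the text messages it is sent.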


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message



