Date: Sun, 14 Jan 2001 17:10:24 +0900
Message-ID: <86ely6lfkf.wl@archon.local.idaemons.org>
From: "Akinori MUSHA"
To: peter@FreeBSD.org
Cc: hackers@FreeBSD.org
Subject: a couple of patches for cvs
Organization: Associated I. Daemons

Hi,

I have some patches I wish you'd integrate into our cvs(1) source.

The first one adds support for the "tag" directive in CVSROOT/config, which NetBSD's and OpenBSD's cvs(1) implements. I know our cvs(1) supports more powerful extension via CVSROOT/options, however, supporting CVSROOT/config increases cooperability a bit. When a repository on an OpenBSD (or NetBSD) box has a tag directive in CVSROOT/config and you try to access the repository over NFS from a FreeBSD box, cvs(1) carps there's an unrecognized keyword called "tag".

The second one lets cvs support PAM authentication. With it one can switch the pserver authentication method from the simple UNIX password to pam_whatever, such as pam_krb5, pam_mysql, pam_smb and so on. The patch was originally posted by Frank Kargl (*) on bug-cvs list in the middle of last year.

What do you think about them? Thanks for your time.

* -- / /__ __ Akinori.org / MUSHA.org / ) ) ) ) / FreeBSD.org / Ruby-lang.org Akinori MUSHA aka / (_ / ( (__( @ iDaemons.org / and.or.jp "We're only at home when we're on the run, on the wing, on the fly" Index: contrib/cvs/src/parseinfo.c =================================================================== RCS file: /home/ncvs/src/contrib/cvs/src/parseinfo.c,v retrieving revision 1.1.1.8 diff -u -r1.1.1.8 parseinfo.c --- contrib/cvs/src/parseinfo.c 2000/10/02 06:32:56 1.1.1.8 +++ contrib/cvs/src/parseinfo.c 2001/01/14 07:45:11 @@ -219,6 +219,7 @@ size_t line_allocated = 0; size_t len; char *p; + char *localid; /* FIXME-reentrancy: If we do a multi-threaded server, this would need to go to the per-connection data structures. */ static int parsed = 0; @@ -383,6 +384,22 @@ logHistory=malloc(strlen (p) + 1); strcpy (logHistory, p); } + } + else if (strcmp (line, "tag") == 0) { + len = strlen (p); + localid = malloc (len + 7 + 1); /* 7 == strlen ("=Header") */ + + if (localid == NULL) { + error (0, 0, "%s: no memory for local tag '%s'", + infopath, p); + goto error_return; + } + + strcpy (localid, p); + strcpy (localid + len, "=Header"); + + RCS_setlocalid (localid); + free (localid); } else { Index: contrib/cvs/configure.in =================================================================== RCS file: /home/ncvs/src/contrib/cvs/configure.in,v retrieving revision 1.1.1.8 diff -u -r1.1.1.8 configure.in --- contrib/cvs/configure.in 2000/10/02 06:31:11 1.1.1.8 +++ contrib/cvs/configure.in 2001/01/14 07:27:48 
@@ -14,6 +14,8 @@ AC_PATH_PROG(perl_path, perl, no) AC_PATH_PROG(csh_path, csh, no) +LIBS="-lpam $LIBS" + AC_SYS_INTERPRETER if test X"$ac_cv_sys_interpreter" != X"yes" ; then # silly trick to avoid problems in AC macros... Index: contrib/cvs/src/server.c =================================================================== RCS file: /home/ncvs/src/contrib/cvs/src/server.c,v retrieving revision 1.14 diff -u -r1.14 server.c --- contrib/cvs/src/server.c 2000/10/02 06:43:57 1.14 +++ contrib/cvs/src/server.c 2001/01/14 07:30:36 @@ -20,6 +20,13 @@ #include "getline.h" #include "buffer.h" +#define HAVE_PAM_AUTH +#ifdef HAVE_PAM_AUTH +/* needed for PAM authentication - fk 2000 */ +#include +#include +#endif + #ifdef SERVER_SUPPORT #ifdef HAVE_WINSOCK_H @@ -5438,6 +5445,36 @@ return retval; } +#ifdef HAVE_PAM_AUTH +/* callback for PAM authentication - fk 2000 */ +int silent_conv(int num_msg, const struct pam_message **msgm, + struct pam_response **response, void *appdata) { + int replies; + struct pam_response *reply = NULL; + + reply = calloc(num_msg,sizeof(struct pam_response)); + for (replies=0; repliesmsg_style) { + case PAM_PROMPT_ECHO_ON: + case PAM_PROMPT_ECHO_OFF: + /* printf("Prompt: %s\n",msgm[replies]->msg); */ + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies].resp = strdup((char*)appdata); + break; + case PAM_ERROR_MSG: + case PAM_TEXT_INFO: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies].resp = NULL; + break; + default: + free(reply); + return PAM_CONV_ERR; + } + } + *response = reply; + return PAM_SUCCESS; +} +#endif /* Return a hosting username if password matches, else NULL. */ static char * 
@@ -5509,9 +5546,38 @@ if (*found_passwd) { /* user exists and has a password */ +#ifdef HAVE_PAM_AUTH + pam_handle_t *pamh=NULL; + struct pam_conv conv; + int retval; + + conv.conv = silent_conv; + conv.appdata_ptr = password; + + retval = pam_start("cvs", username, &conv, &pamh); + + if (retval == PAM_SUCCESS) + retval = pam_authenticate(pamh, 0); /* is user really user? */ + + if (retval == PAM_SUCCESS) + retval = pam_acct_mgmt(pamh, 0); /* permitted access? */ + + /* This is where we have been authorized or not. */ + + if (retval == PAM_SUCCESS) { + host_user = xstrdup (username); + } else { + host_user = NULL; + } + + if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close PAM */ + pamh = NULL; + } +#else host_user = ((! strcmp (found_passwd, crypt (password, found_passwd))) ? xstrdup (username) : NULL); +#endif goto handle_return; } else if (password && *password) Index: etc/pam.conf =================================================================== RCS file: /home/ncvs/src/etc/pam.conf,v retrieving revision 1.9 diff -u -r1.9 pam.conf --- etc/pam.conf 2000/12/05 03:01:24 1.9 +++ etc/pam.conf 2001/01/14 07:44:19 @@ -22,6 +22,10 @@ #ftpd auth sufficient pam_kerberosIV.so try_first_pass ftpd auth required pam_unix.so try_first_pass +# CVS pserver +cvs auth sufficient pam_skey.so +cvs auth required pam_unix.so try_first_pass + # OpenSSH with PAM support requires similar modules. The session one is # a bit strange, though... sshd auth sufficient pam_skey.so To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
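
Review bot: In the contrib/cvs/src/parseinfo.c hunk at @@ -383,6 +384,22 @@, the new "tag" branch hands p to RCS_setlocalid without checking that it is non-empty, so a config line with an empty tag value produces the string "=Header" with no keyword name in front of it. Suggest rejecting an empty value with an error () call before the malloc. The free (localid) directly after RCS_setlocalid (localid) is only safe if that function copies its argument, which is not visible in this hunk; a one-line comment stating that would help the next reader.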
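
Review bot: In the contrib/cvs/configure.in hunk, LIBS="-lpam $LIBS" is added unconditionally, so configure never checks whether libpam exists and every build links against it whether or not PAM support is wanted. Suggest an AC_CHECK_LIB(pam, pam_start, ...) test that both prepends -lpam and defines HAVE_PAM_AUTH, so the feature switches off cleanly on systems without PAM.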
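
Review bot: In the contrib/cvs/src/server.c hunk at @@ -20,6 +20,13 @@, the line #define HAVE_PAM_AUTH sits directly above #ifdef HAVE_PAM_AUTH, which makes every later #ifdef HAVE_PAM_AUTH always true and the #else branch with crypt () in the password check dead code. Suggest dropping the hard-coded define and letting the configure result in config.h decide, so the original crypt () path remains a working build option.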
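
Review bot: In the silent_conv hunk of contrib/cvs/src/server.c (@@ -5438,6 +5445,36 @@), the result of calloc(num_msg,sizeof(struct pam_response)) is never checked, so an allocation failure is followed by writes through a NULL reply pointer; return PAM_CONV_ERR when reply is NULL. The default: branch also calls free(reply) without releasing the strdup((char*)appdata) copies made for earlier messages, which leaks copies of the password; free each reply[i].resp first, and check the strdup result as well. Two smaller points: the callback answers PAM_PROMPT_ECHO_ON and PAM_PROMPT_ECHO_OFF identically with the password, which deserves a comment explaining why that is acceptable for the modules configured, and the function should be static since it is only used in this file.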
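
Review bot: In the contrib/cvs/src/server.c hunk at @@ -5509,9 +5546,38 @@, pam_end(pamh,retval) runs even when pam_start failed, in which case pamh is still NULL; guard it with a check that pam_start returned PAM_SUCCESS. The PAM block is also placed inside if (*found_passwd), the branch commented "user exists and has a password", so PAM is only consulted for users who already have a local password entry, which limits the non-UNIX backends the cover message mentions; if that restriction is intended, say so in a comment. A failed pam_authenticate or pam_acct_mgmt is currently silent, and logging the result would make rejected pserver logins diagnosable.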
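
Review bot: In the etc/pam.conf hunk, only auth lines are added for the cvs service, while the server.c change also calls pam_acct_mgmt(pamh, 0), which is evaluated against the account facility. With no cvs account entry the result depends on whatever fallback policy the system has, so suggest adding an explicit account line for cvs next to the two auth lines. The sufficient pam_skey.so entry also deserves a note in the comment, since the conversation function in server.c answers every prompt with the pserver password.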