From owner-svn-src-svnadmin@FreeBSD.ORG Sat Sep 15 18:00:35 2012 Return-Path: Delivered-To: svn-src-svnadmin@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D8370106566B; Sat, 15 Sep 2012 18:00:34 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id C2F378FC12; Sat, 15 Sep 2012 18:00:34 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q8FI0Yd2001111; Sat, 15 Sep 2012 18:00:34 GMT (envelope-from bz@svn.freebsd.org) Received: (from bz@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q8FI0Y4k001109; Sat, 15 Sep 2012 18:00:34 GMT (envelope-from bz@svn.freebsd.org) Message-Id: <201209151800.q8FI0Y4k001109@svn.freebsd.org> From: "Bjoern A. Zeeb" Date: Sat, 15 Sep 2012 18:00:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-svnadmin@freebsd.org X-SVN-Group: svnadmin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r240534 - svnadmin/tools/svnssh X-BeenThere: svn-src-svnadmin@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the admin / configuration tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Sep 2012 18:00:35 -0000 Author: bz Date: Sat Sep 15 18:00:34 2012 New Revision: 240534 URL: http://svn.freebsd.org/changeset/base/240534 Log: Use SVN access files rather than CVS. At least doc is no longer exported to CVS so new committers did not gain access. Use a defined length for username (not ideal but better than 32). Consistently use username and not pw->pw_name. Close the password database files to ensure we cannot access them any more after copy. Factor out reading access files for karma into a function; no longer allow open to fail. Put #ifdef checks around all three file reads, not just the extra two. Move karma variable initializations to just before needed. Modified: svnadmin/tools/svnssh/svnssh.c Modified: svnadmin/tools/svnssh/svnssh.c ============================================================================== --- svnadmin/tools/svnssh/svnssh.c Sat Sep 15 17:47:44 2012 (r240533) +++ svnadmin/tools/svnssh/svnssh.c Sat Sep 15 18:00:34 2012 (r240534) @@ -31,9 +31,8 @@ #define SVNROOT "/s/svn" #define BASEACCESS SVNROOT "/base/conf/access" -/* Access cvs access files over nfs for now */ -#define DOCACCESS "/home/dcvs/CVSROOT/access" -#define PORTSACCESS "/home/pcvs/CVSROOT/access" +#define DOCACCESS SVNROOT "/doc/conf/access" +#define PORTSACCESS SVNROOT "/ports/conf/access" #define NOCOMMIT "/etc/nocommit" @@ -44,7 +43,7 @@ static const char *env[] = { NULL }; -static char username[32]; +static char username[_SC_LOGIN_NAME_MAX + 1]; static char linebuf[1024]; static void @@ -61,6 +60,7 @@ msg(const char *fmt, ...) static void usage(void) { + msg("Only the \"svnserve -t\" command is available."); exit(1); } @@ -80,7 +80,7 @@ shell(char *argv[], int interactive) } static int -karmacheck(FILE *fp, char *name) +karmacheck(FILE *fp, const char *name) { char buf[1024]; char *p, *s; @@ -107,6 +107,26 @@ karmacheck(FILE *fp, char *name) return karma; } +static int +read_access(const char *accessf, const char *name) +{ + FILE *fp; + int karma; + + karma = 0; + /* Must not fail. */ + fp = fopen(accessf, "r"); + if (fp == NULL) { + msg("Cannot open %s", accessf); + exit(1); + } else { + karma = karmacheck(fp, name); + fclose(fp); + } + + return (karma); +} + int main(int argc, char *argv[]) { @@ -119,12 +139,9 @@ main(int argc, char *argv[]) gid_t repogid; gid_t mygroups[NGROUPS_MAX]; int ngroups; - int karma; - int shellkarma; + int karma, shellkarma; umask(002); - karma = 0; - shellkarma = 0; openlog("svnssh", LOG_PID | LOG_NDELAY, LOG_AUTH); pw = getpwuid(getuid()); if (pw == NULL) { @@ -136,9 +153,11 @@ main(int argc, char *argv[]) exit(1); } - /* save in a static buffer */ + /* Save in a static buffer. */ strlcpy(username, pw->pw_name, sizeof(username)); + endpwent(); + shellkarma = 0; ngroups = getgroups(NGROUPS_MAX, mygroups); if (ngroups > 0) { gr = getgrnam("shell"); @@ -191,27 +210,15 @@ main(int argc, char *argv[]) exit(1); } - fp = fopen(BASEACCESS, "r"); - if (fp == NULL) { - msg("Cannot open %s", BASEACCESS); - exit(1); - } else { - karma += karmacheck(fp, pw->pw_name); - fclose(fp); - } + karma = 0; +#ifdef BASEACCESS + karma += read_access(BASEACCESS, username); +#endif #ifdef DOCACCESS - /* Allow for failures due to NFS */ - if ((fp = fopen(DOCACCESS, "r")) != NULL) { - karma += karmacheck(fp, pw->pw_name); - fclose(fp); - } + karma += read_access(DOCACCESS, username); #endif #ifdef PORTSACCESS - /* Allow for failures due to NFS */ - if ((fp = fopen(PORTSACCESS, "r")) != NULL) { - karma += karmacheck(fp, pw->pw_name); - fclose(fp); - } + karma += read_access(PORTSACCESS, username); #endif if (karma > 0) {