mirror of
https://github.com/git/git.git
synced 2024-05-11 14:46:08 +02:00
git-cvsserver: use crypt correctly to compare password hashes
c057bad370
(git-cvsserver: use a password file cvsserver pserver,
2010-05-15) adds a way for `git cvsserver` to provide authenticated
pserver accounts without having clear text passwords, but uses the
username instead of the password to the call for crypt(3).
Correct that, and make sure the documentation correctly indicates how
to obtain hashed passwords that could be used to populate this
configuration, as well as correcting the hash that was used for the
tests.
This change will require that any user of this feature updates the
hashes in their configuration, but has the advantage of using a more
similar format than cvs uses, probably also easing any migration.
Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
225bc32a98
commit
a7775c7eb8
|
@ -118,13 +118,11 @@ for example:
|
||||||
myuser:$1$BA)@$vbnMJMDym7tA32AamXrm./
|
myuser:$1$BA)@$vbnMJMDym7tA32AamXrm./
|
||||||
------
|
------
|
||||||
You can use the 'htpasswd' facility that comes with Apache to make these
|
You can use the 'htpasswd' facility that comes with Apache to make these
|
||||||
files, but Apache's MD5 crypt method differs from the one used by most C
|
files, but only with the -d option (or -B if your system suports it).
|
||||||
library's crypt() function, so don't use the -m option.
|
|
||||||
|
|
||||||
Alternatively you can produce the password with perl's crypt() operator:
|
Preferably use the system specific utility that manages password hash
|
||||||
-----
|
creation in your platform (e.g. mkpasswd in Linux, encrypt in OpenBSD or
|
||||||
perl -e 'my ($user, $pass) = @ARGV; printf "%s:%s\n", $user, crypt($user, $pass)' $USER password
|
pwhash in NetBSD) and paste it in the right location.
|
||||||
-----
|
|
||||||
|
|
||||||
Then provide your password via the pserver method, for example:
|
Then provide your password via the pserver method, for example:
|
||||||
------
|
------
|
||||||
|
|
|
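Review bot: The rewritten htpasswd sentence recommends `-d` first and mentions `-B` only in parentheses; since `-d` produces traditional crypt() hashes that only take the first 8 characters of the password into account, consider recommending `-B` where the system's crypt() supports it and keeping `-d` as the fallback. The section also drops the perl one-liner without telling existing users that entries generated with the old `crypt($user, $pass)` recipe will no longer match and must be regenerated, which is the migration the commit message describes. Typo in the added line: "suports" should be "supports".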
@ -222,7 +222,7 @@
|
||||||
open my $passwd, "<", $authdb or die $!;
|
open my $passwd, "<", $authdb or die $!;
|
||||||
while (<$passwd>) {
|
while (<$passwd>) {
|
||||||
if (m{^\Q$user\E:(.*)}) {
|
if (m{^\Q$user\E:(.*)}) {
|
||||||
if (crypt($user, descramble($password)) eq $1) {
|
if (crypt(descramble($password), $1) eq $1) {
|
||||||
$auth_ok = 1;
|
$auth_ok = 1;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
|
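Review bot: In the new condition `crypt(descramble($password), $1) eq $1`, the return value of crypt() is compared without first checking that it is defined. crypt(3) can return NULL when it does not support the hash format found in `$1`, which Perl surfaces as undef, and undef is treated as the empty string by `eq`, so the result of the comparison is not trustworthy in that case. Suggest storing the result first, e.g. `my $hash = crypt(descramble($password), $1);` followed by `if (defined $hash and $hash eq $1)`.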
@ -36,6 +36,8 @@ CVSWORK="$PWD/cvswork"
|
||||||
CVS_SERVER=git-cvsserver
|
CVS_SERVER=git-cvsserver
|
||||||
export CVSROOT CVS_SERVER
|
export CVSROOT CVS_SERVER
|
||||||
|
|
||||||
|
PWDHASH='lac2ItudM3.KM'
|
||||||
|
|
||||||
rm -rf "$CVSWORK" "$SERVERDIR"
|
rm -rf "$CVSWORK" "$SERVERDIR"
|
||||||
test_expect_success 'setup' '
|
test_expect_success 'setup' '
|
||||||
git config push.default matching &&
|
git config push.default matching &&
|
||||||
|
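Review bot: `PWDHASH='lac2ItudM3.KM'` is added without a comment saying which password it encodes or how it was produced, so whoever next has to change it will need to guess. The value is a 13-character traditional crypt() hash, a format that not every platform's crypt(3) still accepts; a comment with the generating command, plus a prerequisite or fallback for platforms lacking that format, would keep the pserver tests from failing for reasons unrelated to this change.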
@ -54,7 +56,7 @@ test_expect_success 'setup' '
|
||||||
GIT_DIR="$SERVERDIR" git config --bool gitcvs.enabled true &&
|
GIT_DIR="$SERVERDIR" git config --bool gitcvs.enabled true &&
|
||||||
GIT_DIR="$SERVERDIR" git config gitcvs.logfile "$SERVERDIR/gitcvs.log" &&
|
GIT_DIR="$SERVERDIR" git config gitcvs.logfile "$SERVERDIR/gitcvs.log" &&
|
||||||
GIT_DIR="$SERVERDIR" git config gitcvs.authdb "$SERVERDIR/auth.db" &&
|
GIT_DIR="$SERVERDIR" git config gitcvs.authdb "$SERVERDIR/auth.db" &&
|
||||||
echo cvsuser:cvGVEarMLnhlA > "$SERVERDIR/auth.db"
|
echo "cvsuser:$PWDHASH" >"$SERVERDIR/auth.db"
|
||||||
'
|
'
|
||||||
|
|
||||||
# note that cvs doesn't accept absolute pathnames
|
# note that cvs doesn't accept absolute pathnames
|
||||||
|
|
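Review bot: The setup now writes the corrected hash through `echo "cvsuser:$PWDHASH"`, but the lines shown add no test that pins the fixed behaviour. Because the old code hashed the username rather than the supplied password, a `test_expect_success` case asserting that a pserver login with a wrong password is rejected would guard against a regression of this fix.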