mirror/ git
1
0
Fork 0
mirror of https://github.com/git/git.git synced 2024-05-12 03:36:10 +02:00
Code

git-cvsserver: use a password file cvsserver pserver 

If a git repository is shared via HTTP, the config file is typically
visible.  Use an external file instead.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Sam Vilain 2010-05-15 15:07:54 +00:00 committed by Junio C Hamano
parent 031a027a72
commit c057bad370
2 changed files with 33 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Documentation/git-cvsserver.txt
View File

@ -100,16 +100,27 @@ looks like
------ ------
Only anonymous access is provided by pserve by default. To commit you Only anonymous access is provided by pserve by default. To commit you
will have to create pserver accounts, simply add a [gitcvs.users] will have to create pserver accounts, simply add a gitcvs.authdb
section to the repositories you want to access, for example: setting in the config file of the repositories you want the cvsserver
to allow writes to, for example:
------ ------
[gitcvs.users] [gitcvs]
someuser = somepassword authdb = /etc/cvsserver/passwd
otheruser = otherpassword
------ ------
The format of these files is username followed by the crypted password,
for example:
------
myuser:$1Oyx5r9mdGZ2
myuser:$1$BA)@$vbnMJMDym7tA32AamXrm./
------
You can use the 'htpasswd' facility that comes with Apache to make these
files, but Apache's MD5 crypt method differs from the one used by most C
library's crypt() function, so don't use the -m option.
Then provide your password via the pserver method, for example: Then provide your password via the pserver method, for example:
------ ------
cvs -d:pserver:someuser:somepassword <at> server/path/repo.git co <HEAD_name> cvs -d:pserver:someuser:somepassword <at> server/path/repo.git co <HEAD_name>

33
git-cvsserver.perl
View File

@ -189,24 +189,25 @@
unless ($user eq 'anonymous') { unless ($user eq 'anonymous') {
# Trying to authenticate a user # Trying to authenticate a user
if (not exists $cfg->{gitcvs}->{users}) { if (not exists $cfg->{gitcvs}->{authdb}) {
print "E the repo config file needs a [gitcvs.users] section with user/password key-value pairs\n"; print "E the repo config file needs a [gitcvs.authdb] section with a filename\n";
print "I HATE YOU\n"; print "I HATE YOU\n";
exit 1; exit 1;
} elsif (exists $cfg->{gitcvs}->{users} and not exists $cfg->{gitcvs}->{users}->{$user}) {
#print "E the repo config file has a [gitcvs.users] section but the user $user is not defined in it\n";
print "I HATE YOU\n";
exit 1;
} else {
my $descrambled_password = descramble($password);
my $cleartext_password = $cfg->{gitcvs}->{users}->{$user};
if ($descrambled_password ne $cleartext_password) {
#print "E The password supplied for user $user was incorrect\n";
print "I HATE YOU\n";
exit 1;
}
# else fall through to LOVE
} }
my $auth_ok;
open PASSWD, "<$cfg->{gitcvs}->{authdb}" or die $!;
while(<PASSWD>) {
if (m{^\Q$user\E:(.*)}) {
if (crypt($user, $1) eq $1) {
$auth_ok = 1;
}
};
}
unless ($auth_ok) {
print "I HATE YOU\n";
exit 1;
}
# else fall through to LOVE
} }
# For checking whether the user is anonymous on commit # For checking whether the user is anonymous on commit
@ -337,7 +338,7 @@ sub req_Root
} }
foreach my $line ( @gitvars ) foreach my $line ( @gitvars )
{ {
next unless ( $line =~ /^(gitcvs)\.(?:(ext|pserver|users)\.)?([\w-]+)=(.*)$/ ); next unless ( $line =~ /^(gitcvs)\.(?:(ext|pserver)\.)?([\w-]+)=(.*)$/ );
unless ($2) { unless ($2) {
$cfg->{$1}{$3} = $4; $cfg->{$1}{$3} = $4;
} else { } else {