Browse Source

git-cvsserver: use a password file cvsserver pserver

If a git repository is shared via HTTP, the config file is typically
visible.  Use an external file instead.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
maint
Sam Vilain 15 years ago committed by Junio C Hamano
parent
commit
c057bad370
  1. 21
      Documentation/git-cvsserver.txt
  2. 29
      git-cvsserver.perl

21
Documentation/git-cvsserver.txt

@ -100,16 +100,27 @@ looks like @@ -100,16 +100,27 @@ looks like
------

Only anonymous access is provided by pserve by default. To commit you
will have to create pserver accounts, simply add a [gitcvs.users]
section to the repositories you want to access, for example:
will have to create pserver accounts, simply add a gitcvs.authdb
setting in the config file of the repositories you want the cvsserver
to allow writes to, for example:

------

[gitcvs.users]
someuser = somepassword
otheruser = otherpassword
[gitcvs]
authdb = /etc/cvsserver/passwd

------
The format of these files is username followed by the crypted password,
for example:

------
myuser:$1Oyx5r9mdGZ2
myuser:$1$BA)@$vbnMJMDym7tA32AamXrm./
------
You can use the 'htpasswd' facility that comes with Apache to make these
files, but Apache's MD5 crypt method differs from the one used by most C
library's crypt() function, so don't use the -m option.

Then provide your password via the pserver method, for example:
------
cvs -d:pserver:someuser:somepassword <at> server/path/repo.git co <HEAD_name>

29
git-cvsserver.perl

@ -189,24 +189,25 @@ if ($state->{method} eq 'pserver') { @@ -189,24 +189,25 @@ if ($state->{method} eq 'pserver') {

unless ($user eq 'anonymous') {
# Trying to authenticate a user
if (not exists $cfg->{gitcvs}->{users}) {
print "E the repo config file needs a [gitcvs.users] section with user/password key-value pairs\n";
if (not exists $cfg->{gitcvs}->{authdb}) {
print "E the repo config file needs a [gitcvs.authdb] section with a filename\n";
print "I HATE YOU\n";
exit 1;
} elsif (exists $cfg->{gitcvs}->{users} and not exists $cfg->{gitcvs}->{users}->{$user}) {
#print "E the repo config file has a [gitcvs.users] section but the user $user is not defined in it\n";
}
my $auth_ok;
open PASSWD, "<$cfg->{gitcvs}->{authdb}" or die $!;
while(<PASSWD>) {
if (m{^\Q$user\E:(.*)}) {
if (crypt($user, $1) eq $1) {
$auth_ok = 1;
}
};
}
unless ($auth_ok) {
print "I HATE YOU\n";
exit 1;
} else {
my $descrambled_password = descramble($password);
my $cleartext_password = $cfg->{gitcvs}->{users}->{$user};
if ($descrambled_password ne $cleartext_password) {
#print "E The password supplied for user $user was incorrect\n";
print "I HATE YOU\n";
exit 1;
}
# else fall through to LOVE
}
# else fall through to LOVE
}

# For checking whether the user is anonymous on commit
@ -337,7 +338,7 @@ sub req_Root @@ -337,7 +338,7 @@ sub req_Root
}
foreach my $line ( @gitvars )
{
next unless ( $line =~ /^(gitcvs)\.(?:(ext|pserver|users)\.)?([\w-]+)=(.*)$/ );
next unless ( $line =~ /^(gitcvs)\.(?:(ext|pserver)\.)?([\w-]+)=(.*)$/ );
unless ($2) {
$cfg->{$1}{$3} = $4;
} else {

Loading…
Cancel
Save